document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-03-03 01:10:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1 from LCTT/master

Browse Source 
2021.5.3保持最新
This commit is contained in:
HuengchI 2021-05-03 22:51:57 +08:00 committed by GitHub
commit 4b501b2359
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 1251 additions and 674 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
translated/tech/20210330 Access Python package index JSON APIs with requests.md → published/20210330 Access Python package index JSON APIs with requests.md
View File

@ -3,97 +3,80 @@
[#]: author: "Ben Nuttall https://opensource.com/users/bennuttall"
[#]: collector: "lujun9972"
[#]: translator: "MjSeven"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
[#]: reviewer: "wxy"
[#]: publisher: "wxy"
[#]: url: "https://linux.cn/article-13356-1.html"
使用 Resuests 访问 Python 包索引的 JSON API
使用 requests 访问 Python 包索引PyPI的 JSON API
======
PyPI 的 JSON API 是一种机器可直接使用的数据源,你可以在浏览网站时访问相同类型的数据。
![Python programming language logo with question marks][1]
> PyPI 的 JSON API 是一种机器可直接使用的数据源,你可以访问和你浏览网站时相同类型的数据。
![](https://img.linux.net.cn/data/attachment/album/202105/03/111943du0lgbjj6br6sruu.jpg)
PyPIPython 软件包索引)提供了有关其软件包信息的 JSON API。本质上它是机器可以直接使用的数据源与你在网站上直接访问是一样的的。例如作为人类我可以在浏览器中打开 [Numpy][2] 项目页面,点击左侧相关链接,查看有哪些版本,哪些文件可用以及发行日期和支持的 Python 版本等内容:
![NumPy project page][3]
(Ben Nuttall, [CC BY-SA 4.0][4])
但是,如果我想编写一个程序来访问此数据,则可以使用 JSON API而不必在这些页面上抓取和解析 HTML。
顺便说一句:在旧的 PyPI 网站上,当它托管在 `pypi.python.org`NumPy 的项目页面位于 `pypi.python.org/pypi/numpy`,访问其 JSON API 也很简单,只需要在最后面添加一个 `/json` ,即 `https://pypi.org/pypi/numpy/json`。现在PyPI 网站托管在 `pypi.org`NumPy 的项目页面是 `pypi.org/project/numpy`。新站点不会有单独的 JSON API URL但它仍像以前一样工作。因此你不必在 URL 后添加 `/json`,只要记住 URL 就够了。
顺便说一句:在旧的 PyPI 网站上,托管在 `pypi.python.org`NumPy 的项目页面位于 `pypi.python.org/pypi/numpy`,访问其 JSON API 也很简单,只需要在最后面添加一个 `/json` ,即 `https://pypi.org/pypi/numpy/json`。现在PyPI 网站托管在 `pypi.org`NumPy 的项目页面是 `pypi.org/project/numpy`。新站点不会有单独的 JSON API URL但它仍像以前一样工作。因此你不必在 URL 后添加 `/json`,只要记住 URL 就够了。
你可以在浏览器中打开 NumPy 的 JSON API URLFirefox 很好地渲染了数据:
![JSON rendered in Firefox][5]
(Ben Nuttall, [CC BY-SA 4.0][4])
你可以查看 `info``release` 和 `urls` 其中的内容。或者,你可以将其加载到 Python Shell 中,以下是几行入门教程:
```python
```
import requests
url = "https://pypi.org/pypi/numpy/json"
r = requests.get(url)
data = r.json()
```
获得数据后,调用 `.json()` 提供数据的[字典][6],你可以对其进行查看:
获得数据后(调用 `.json()` 提供了该数据的 [字典][6],你可以对其进行查看:
![Inspecting data][7]
(Ben Nuttall, [CC BY-SA 4.0][4])
查看 `release` 中的键:
![Inspecting keys in releases][8]
(Ben Nuttall, [CC BY-SA 4.0][4])
这表明 `release` 是一个以版本号为键的字典。选择一个并查看以下内容:
![Inspecting version][9]
(Ben Nuttall, [CC BY-SA 4.0][4])
每个版本都包含一个列表,`release` 包含 24 项。但是每个项目是什么?由于它是一个列表,因此你可以索引第一项并进行查看:
![Indexing an item][10]
(Ben Nuttall, [CC BY-SA 4.0][4])
这是一个字典,其中包含有关特定文件的详细信息。因此,列表中的 24 个项目中的每一个都与此特定版本号关联的文件相关,即在 <https://pypi.org/project/numpy/1.20.1/#files> 列出的 24 个文件。
这是一个字典,其中包含有关特定文件的详细信息。因此,列表中的 24 个项目中的每一个都与此特定版本号关联的文件相关,即在 <https://pypi.org/project/numpy/1.20.1/#files> 列出的 24 个文件中。
你可以编写一个脚本在可用数据中查找内容。例如,以下的循环查找带有 sdist源代码包的版本它们指定了 `requires_python` 属性并进行打印:
你可以编写一个脚本在可用数据中查找内容。例如,以下的循环查找带有 stdis (源代码包) 的版本,它们指定了 `requires_python` 属性并进行打印:
```python
```
for version, files in data['releases'].items():
    for f in files:
        if f.get('packagetype') == 'sdist' and f.get('requires_python'):
            print(version, f['requires_python'])
```
![sdist files with requires_python attribute ][11]
(Ben Nuttall, [CC BY-SA 4.0][4])
![sdist files with requires_python attribute][11]
### piwheels
去年,我在 piwheels 网站上[实现了类似的 API][12]。[piwheels.org][13] 是一个 Python 软件包索引,为 Raspberry Pi 架构提供了 wheel预编译的二进制软件包。它本质上是 PyPI 软件包的镜像,但带有 Arm wheel而不是软件包维护者上传到 PyPI 的文件。
去年,我在 piwheels 网站上[实现了类似的 API][12]。[piwheels.org][13] 是一个 Python 软件包索引,为树莓派架构提供了 wheel预编译的二进制软件包。它本质上是 PyPI 软件包的镜像,但带有 Arm wheel而不是软件包维护者上传到 PyPI 的文件。
由于 piwheels 模仿了 PyPI 的 URL 结构,因此你可以将项目页面 URL 的 `pypi.org` 部分更改为 `piwheels.org`。它将向你显示类似的项目页面,其中详细说明了构建的版本和可用的文件。由于我喜欢旧站点允许你在 URL 末尾添加 `/json` 的方式所以我也支持这种方式。NumPy 在 PyPI 上的项目页面为 [pypi.org/project/numpy][14],在 piwheels 上,它是 [piwheels.org/project/numpy][15],而 JSON API 是 [piwheels.org/project/numpy/json][16] 页面。
没有必要重复 PyPI API 的内容,所以我们提供了 piwheels 上可用内容的信息,包括所有已知发行版的列表,一些基本信息以及我们拥有的文件列表:
没有必要重复 PyPI API 的内容,所以我们提供了 piwheels 上可用内容的信息,包括所有已知发行版的列表,一些基本信息以及我们拥有的文件列表:
![JSON files available in piwheels][17]
(Ben Nuttall, [CC BY-SA 4.0][4])
与之前的 PyPI 例子类似,你可以创建一个脚本来分析 API 内容。例如,对于每个 NumPy 版本,其中有多少 piwheels 文件:
```python
```
import requests
url = "https://www.piwheels.org/project/numpy/json"
@ -110,14 +93,12 @@ for version, info in package['releases'].items():
![Metadata in JSON files in piwheels][18]
(Ben Nuttall, [CC BY-SA 4.0][4])
方便的一件事是 `apt_dependencies` 字段,它列出了使用该库所需的 Apt 软件包。本例中的 NumPy 文件,或者通过 pip 安装 Numpy你还需要使用 Debian 的 Apt 包管理器安装 `libatlas3-base``libgfortran`
方便的是 `apt_dependencies` 字段,它列出了使用该库所需的 Apt 软件包。本例中的 NumPy 文件,或者通过 `pip` 安装 Numpy你还需要使用 Debian 的 `apt` 包管理器安装 `libatlas3-base``libgfortran`
以下是一个示例脚本,显示了程序包的 Apt 依赖关系:
```python
```
import requests
def get_install(package, abi):
@ -140,7 +121,6 @@ get_install('opencv-python-headless', 'cp35m')
我们还为软件包列表提供了一个通用的 API 入口,其中包括每个软件包的下载统计:
```python
import requests
@ -160,10 +140,9 @@ print(package, "has had", d_all, "downloads in total")
### pip search
`pip search` 因为其 XMLRPC 接口过载而被禁用,因此人们一直在寻找替代方法。你可以使用 piwheels 的 JSON API 来搜索软件包名称,因为软件包的集合是相同的:
`pip search` 因为其 XMLRPC 接口过载而被禁用,因此人们一直在寻找替代方法。你可以使用 piwheels 的 JSON API 来搜索软件包名称,因为软件包的集合是相同的:
```python
```
#!/usr/bin/python3
import sys
@ -192,7 +171,7 @@ if __name__ == '__main__':
* * *
_本文最初发表在 Ben Nuttall 的 [Tooling Tuesday 博客上][20],经许可转载使用。_
_本文最初发表在 Ben Nuttall 的 [Tooling Tuesday 博客上][20]经许可转载使用。_
--------------------------------------------------------------------------------
@ -201,7 +180,7 @@ via: https://opensource.com/article/21/3/python-package-index-json-apis-requests
作者:[Ben Nuttall][a]
选题:[lujun9972][b]
译者:[MjSeven](https://github.com/MjSeven)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

154
published/20210331 A tool to spy on your DNS queries- dnspeep.md Normal file
View File

@ -0,0 +1,154 @@
[#]: subject: (A tool to spy on your DNS queries: dnspeep)
[#]: via: (https://jvns.ca/blog/2021/03/31/dnspeep-tool/)
[#]: author: (Julia Evans https://jvns.ca/)
[#]: collector: (lujun9972)
[#]: translator: (wyxplus)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13353-1.html)
dnspeep监控 DNS 查询的工具
======
![](https://img.linux.net.cn/data/attachment/album/202105/02/191521i4ycjm7veln426vy.jpg)
在过去的几天中,我编写了一个叫作 [dnspeep][1] 的小工具,它能让你看到你电脑中正进行的 DNS 查询,并且还能看得到其响应。它现在只有 [250 行 Rust 代码][2]。
我会讨论如何去尝试它、能做什么、为什么我要编写它,以及当我在开发时所遇到的问题。
### 如何尝试
我构建了一些二进制文件,因此你可以快速尝试一下。
对于 Linuxx86
```
wget https://github.com/jvns/dnspeep/releases/download/v0.1.0/dnspeep-linux.tar.gz
tar -xf dnspeep-linux.tar.gz
sudo ./dnspeep
```
对于 Mac
```
wget https://github.com/jvns/dnspeep/releases/download/v0.1.0/dnspeep-macos.tar.gz
tar -xf dnspeep-macos.tar.gz
sudo ./dnspeep
```
它需要以<ruby>超级用户<rt>root</rt></ruby>身份运行,因为它需要访问计算机正在发送的所有 DNS 数据包。 这与 `tcpdump` 需要以超级身份运行的原因相同:它使用 `libpcap`,这与 tcpdump 使用的库相同。
如果你不想在超级用户下运行下载的二进制文件,你也能在 <https://github.com/jvns/dnspeep> 查看源码并且自行编译。
### 输出结果是什么样的
以下是输出结果。每行都是一次 DNS 查询和响应:
```
$ sudo dnspeep
query name server IP response
A firefox.com 192.168.1.1 A: 44.235.246.155, A: 44.236.72.93, A: 44.236.48.31
AAAA firefox.com 192.168.1.1 NOERROR
A bolt.dropbox.com 192.168.1.1 CNAME: bolt.v.dropbox.com, A: 162.125.19.131
```
这些查询是来自于我在浏览器中访问的 `neopets.com`,而 `bolt.dropbox.com` 查询是因为我正在运行 Dropbox 代理,并且我猜它不时会在后台运行,因为其需要同步。
### 为什么我要开发又一个 DNS 工具?
之所以这样做,是因为我认为当你不太了解 DNS 时DNS 似乎真的很神秘!
你的浏览器(和你电脑上的其他软件)一直在进行 DNS 查询,我认为当你能真正看到请求和响应时,似乎会有更多的“真实感”。
我写这个也把它当做一个调试工具。我想“这是 DNS 的问题?”的时候,往往很难回答。我得到的印象是,当尝试检查问题是否由 DNS 引起时,人们经常使用试错法或猜测,而不是仅仅查看计算机所获得的 DNS 响应。
### 你可以看到哪些软件在“秘密”使用互联网
我喜欢该工具的一方面是,它让我可以感知到我电脑上有哪些程序正使用互联网!例如,我发现在我电脑上,某些软件出于某些理由不断地向 `ping.manjaro.org` 发送请求,可能是为了检查我是否已经连上互联网了。
实际上,我的一个朋友用这个工具发现,他的电脑上安装了一些以前工作时的企业监控软件,但他忘记了卸载,因此你甚至可能发现一些你想要删除的东西。
### 如果你不习惯的话, tcpdump 会令人感到困惑
当我试图向人们展示他们的计算机正在进行的 DNS 查询时,我的第一感是想“好吧,使用 tcpdump”`tcpdump` 确实可以解析 DNS 数据包!
例如,下方是一次对 `incoming.telemetry.mozilla.org.` 的 DNS 查询结果:
```
11:36:38.973512 wlp3s0 Out IP 192.168.1.181.42281 > 192.168.1.1.53: 56271+ A? incoming.telemetry.mozilla.org. (48)
11:36:38.996060 wlp3s0 In IP 192.168.1.1.53 > 192.168.1.181.42281: 56271 3/0/0 CNAME telemetry-incoming.r53-2.services.mozilla.com., CNAME prod.data-ingestion.prod.dataops.mozgcp.net., A 35.244.247.133 (180)
```
绝对可以学着去阅读理解一下,例如,让我们分解一下查询:
`192.168.1.181.42281 > 192.168.1.1.53: 56271+ A? incoming.telemetry.mozilla.org. (48)`
* `A?` 意味着这是一次 A 类型的 DNS **查询**
* `incoming.telemetry.mozilla.org.` 是被查询的名称
* `56271` 是 DNS 查询的 ID
* `192.168.1.181.42281` 是源 IP/端口
* `192.168.1.1.53` 是目的 IP/端口
* `(48)` 是 DNS 报文长度
在响应报文中,我们可以这样分解:
`56271 3/0/0 CNAME telemetry-incoming.r53-2.services.mozilla.com., CNAME prod.data-ingestion.prod.dataops.mozgcp.net., A 35.244.247.133 (180)`
* `3/0/0` 是在响应报文中的记录数3 个回答0 个权威记录0 个附加记录。我认为 tcpdump 甚至只打印出回答响应报文。
* `CNAME telemetry-incoming.r53-2.services.mozilla.com`、`CNAME prod.data-ingestion.prod.dataops.mozgcp.net.` 和 `A 35.244.247.133` 是三个响应记录。
* `56271` 是响应报文 ID和查询报文的 ID 相对应。这就是你如何知道它是对前一行请求的响应。
我认为,这种格式最难处理的是(作为一个只想查看一些 DNS 流量的人),你必须手动匹配请求和响应,而且它们并不总是相邻的行。这就是计算机擅长的事情!
因此,我决定编写一个小程序(`dnspeep`)来进行匹配,并排除一些我认为多余的信息。
### 我在编写时所遇到的问题
在撰写本文时,我遇到了一些问题:
* 我必须给 `pcap` 包打上补丁,使其能在 Mac 操作系统上和 Tokio 配合工作([这个更改][3])。这是其中的一个 bug花了很多时间才搞清楚用了 1 行代码才解决 :)
* 不同的 Linux 发行版似乎有不同的 `libpcap.so` 版本。所以我不能轻易地分发一个动态链接 libpcap 的二进制文件(你可以 [在这里][4] 看到其他人也有同样的问题)。因此,我决定在 Linux 上将 libpcap 静态编译到这个工具中。但我仍然不太了解如何在 Rust 中正确做到这一点作,但我通过将 `libpcap.a` 文件复制到 `target/release/deps` 目录下,然后直接运行 `cargo build`,使其得以工作。
* 我使用的 `dns_parser` carte 并不支持所有 DNS 查询类型,只支持最常见的。我可能需要更换一个不同的工具包来解析 DNS 数据包,但目前为止还没有找到合适的。
* 因为 `pcap` 接口只提供原始字节(包括以太网帧),所以我需要 [编写代码来计算从开头剥离多少字节才能获得数据包的 IP 报头][5]。我很肯定我还遗漏了一些情形。
我对于给它取名也有过一段艰难的时光,因为已经有许多 DNS 工具了dnsspydnssnoopdnssniffdnswatch我基本上只是查了下有关“监听”的每个同义词然后选择了一个看起来很有趣并且还没有被其他 DNS 工具所占用的名称。
该程序没有做的一件事就是告诉你哪个进程进行了 DNS 查询,我发现有一个名为 [dnssnoop][6] 的工具可以做到这一点。它使用 eBPF看上去很酷但我还没有尝试过。
### 可能会有许多 bug
我只在 Linux 和 Mac 上简单测试了一下,并且我已知至少有一个 bug不支持足够多的 DNS 查询类型),所以请在遇到问题时告知我!
尽管这个 bug 没什么危害,因为这 libpcap 接口是只读的。所以可能发生的最糟糕的事情是它得到一些它无法解析的输入,最后打印出错误或是崩溃。
### 编写小型教育工具很有趣
最近,我对编写小型教育的 DNS 工具十分感兴趣。
到目前为止我所编写的工具:
* <https://dns-lookup.jvns.ca>(一种进行 DNS 查询的简单方法)
* <https://dns-lookup.jvns.ca/trace.html>(向你显示在进行 DNS 查询时内部发生的情况)
* 本工具(`dnspeep`
以前我尽力阐述已有的工具(如 `dig``tcpdump`)而不是编写自己的工具,但是经常我发现这些工具的输出结果让人费解,所以我非常关注以更加友好的方式来看这些相同的信息,以便每个人都能明白他们电脑正在进行的 DNS 查询,而不仅仅是依赖 tcmdump。
--------------------------------------------------------------------------------
via: https://jvns.ca/blog/2021/03/31/dnspeep-tool/
作者:[Julia Evans][a]
选题:[lujun9972][b]
译者:[wyxplus](https://github.com/wyxplus)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://jvns.ca/
[b]: https://github.com/lujun9972
[1]: https://github.com/jvns/dnspeep
[2]: https://github.com/jvns/dnspeep/blob/f5780dc822df5151f83703f05c767dad830bd3b2/src/main.rs
[3]: https://github.com/ebfull/pcap/pull/168
[4]: https://github.com/google/gopacket/issues/734
[5]: https://github.com/jvns/dnspeep/blob/f5780dc822df5151f83703f05c767dad830bd3b2/src/main.rs#L136
[6]: https://github.com/lilydjwg/dnssnoop

48
translated/tech/20210416 Play a fun math game with Linux commands.md → published/20210416 Play a fun math game with Linux commands.md
View File

@ -3,22 +3,24 @@
[#]: author: (Jim Hall https://opensource.com/users/jim-hall)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13358-1.html)
用 Linux 命令玩一个有趣的数学游戏
======
在家玩流行的英国游戏节目 “Countdown” 中的数字游戏。
![Math formulas in green writing][1]
像许多人一样,我在大流行期间探索了许多新的电视节目。我最近发现了一个英国的游戏节目,叫做 _[Countdown][2]_参赛者在其中玩两种游戏一种是_单词_游戏他们试图从杂乱的字母中找出最长的单词另一种是_数字_游戏他们从随机选择的数字中计算出一个目标数字。因为我喜欢数学我发现自己被数字游戏所吸引
> 在家玩流行的英国游戏节目 “Countdown” 中的数字游戏。
数字游戏可以为你的下一个家庭游戏之夜增添乐趣,所以我想分享我自己的变化。你以一组随机数字开始,分为 1 到 10 的“小”数字和 15、20、25 的“大”数字,以此类推,直到 100。你从大数字和小数字中挑选六个数字的任何组合。
![](https://img.linux.net.cn/data/attachment/album/202105/03/221459uchb0f8xcxfrhc86.jpg)
像许多人一样,我在大流行期间看了不少新的电视节目。我最近发现了一个英国的游戏节目,叫做 [Countdown][2],参赛者在其中玩两种游戏:一种是 _单词_ 游戏,他们试图从杂乱的字母中找出最长的单词;另一种是 _数字_ 游戏,他们从随机选择的数字中计算出一个目标数字。因为我喜欢数学,我发现自己被数字游戏所吸引。
数字游戏可以为你的下一个家庭游戏之夜增添乐趣,所以我想分享我自己的一个游戏变体。你以一组随机数字开始,分为 1 到 10 的“小”数字和 15、20、25以此类推直到 100 的“大”数字。你从大数字和小数字中挑选六个数字的任何组合。
接下来,你生成一个 200 到 999 之间的随机“目标”数字。然后用你的六个数字进行简单的算术运算,尝试用每个“小”和“大”数字计算出目标数字,但使用不能超过一次。如果你能准确地计算出目标数字,你就能得到最高分,如果距离目标数字 10 以内就得到较低的分数。
例如,如果你的随机数是 75、100、2、3、4 和 1而你的目标数是 505你可以说 _2+3=5__5×100=500__4+1=5_以及 _5+500=505_。或者更直接地:(**2**+**3**)×**100** \+ **4** \+ **1** = **505**.
例如,如果你的随机数是 75、100、2、3、4 和 1而你的目标数是 505你可以说 `2+3=5``5×100=500``4+1=5`,以及 `5+500=505`。或者更直接地:`(2+3)×100 + 4 + 1 = 505`。
### 在命令行中随机化列表
@ -40,8 +42,7 @@ $ seq 1 10
10
```
为了随机化这个列表,你可以使用 Linux 的 `shuf`"shuffle")命令。`shuf` 将随机化你给它的东西的顺序,通常是一个文件。例如,如果你把 `seq` 命令的输出发送到 `shuf` 命令,你会收到一个 1 到 10 之间的随机数字列表:
为了随机化这个列表,你可以使用 Linux 的 `shuf`“shuffle”打乱命令。`shuf` 将随机化你给它的东西的顺序,通常是一个文件。例如,如果你把 `seq` 命令的输出发送到 `shuf` 命令,你会收到一个 1 到 10 之间的随机数字列表:
```
$ seq 1 10 | shuf
@ -59,7 +60,6 @@ $ seq 1 10 | shuf
要从 1 到 10 的列表中只选择四个随机数,你可以将输出发送到 `head` 命令,它将打印出输入的前几行。使用 `-4` 选项来指定 `head` 只打印前四行:
```
$ seq 1 10 | shuf | head -4
6
@ -70,8 +70,7 @@ $ seq 1 10 | shuf | head -4
注意,这个列表与前面的例子不同,因为 `shuf` 每次都会生成一个随机顺序。
现在你可以采取下一步措施来生成”大“数字的随机列表。第一步是生成一个可能的数字列表,从 15 开始,以 5 为单位递增,直到达到 100。你可以用 Linux 的 `seq` 命令生成这个列表。为了使每个数字以 5 为单位递增,在 `seq` 命令中插入另一个选项来表示_步进_
现在你可以采取下一步措施来生成“大”数字的随机列表。第一步是生成一个可能的数字列表,从 15 开始,以 5 为单位递增,直到达到 100。你可以用 Linux 的 `seq` 命令生成这个列表。为了使每个数字以 5 为单位递增,在 `seq` 命令中插入另一个选项来表示 _步进_
```
$ seq 15 5 100
@ -95,8 +94,7 @@ $ seq 15 5 100
100
```
就像以前一样,你可以随机化这个列表,选择两个”大“数字:
就像以前一样,你可以随机化这个列表,选择两个“大”数字:
```
$ seq 15 5 100 | shuf | head -2
@ -108,11 +106,9 @@ $ seq 15 5 100 | shuf | head -2
我想你可以用类似的方法从 200 到 999 的范围内选择游戏的目标数字。但是生成单个随机数的最简单的方案是直接在 Bash 中使用 `RANDOM` 变量。当你引用这个内置变量时Bash 会生成一个大的随机数。要把它放到 200 到 999 的范围内,你需要先把随机数放到 0 到 799 的范围内,然后加上 200。
要把随机数放到从 0 开始的特定范围内,你可以使用**模数**算术运算符。模数计算的是两个数字相除后的_余数_。如果我用 801 除以 800结果是 1余数是 1模数是 1。800 除以 800 的结果是 1余数是 0模数是 0。而用 799 除以 800 的结果是 0余数是 799模数是 799
Bash 通过 `$(())` 结构支持算术扩展。在双括号之间Bash 将对你提供的数值进行算术运算。要计算 801 除以 800 的模数,然后加上 200你可以输入:
要把随机数放到从 0 开始的特定范围内,你可以使用**模数**算术运算符。模数计算的是两个数字相除后的 _余数_。如果我用 801 除以 800结果是 1余数是 1模数是 1。800 除以 800 的结果是 1余数是 0模数是 0。而用 799 除以 800 的结果是 0余数是 799模数是 799
Bash 通过 `$(())` 结构支持算术展开。在双括号之间Bash 将对你提供的数值进行算术运算。要计算 801 除以 800 的模数,然后加上 200你可以输入:
```
$ echo $(( 801 % 800 + 200 ))
@ -121,7 +117,6 @@ $ echo $(( 801 % 800 + 200 ))
通过这个操作,你可以计算出一个 200 到 999 之间的随机目标数:
```
$ echo $(( RANDOM % 800 + 200 ))
673
@ -131,8 +126,7 @@ $ echo $(( RANDOM % 800 + 200 ))
### 玩数字游戏
让我们把所有这些放在一起,玩玩数字游戏。产生两个随机的”大“数字, 四个随机的”小“数值,以及目标值:
让我们把所有这些放在一起,玩玩数字游戏。产生两个随机的“大”数字, 四个随机的“小”数值,以及目标值:
```
$ seq 15 5 100 | shuf | head -2
@ -149,8 +143,7 @@ $ echo $(( RANDOM % 800 + 200 ))
我的数字是 **75**、**100**、**4**、**3**、**10** 和 **2**,而我的目标数字是 **868**
如果我用每个”小“和”大“数字做这些算术运算,并不超过一次,我就能接近目标数字了:
如果我用每个“小”和“大”数字做这些算术运算,并不超过一次,我就能接近目标数字了:
```
10×75 = 750
@ -163,10 +156,8 @@ $ echo $(( RANDOM % 800 + 200 ))
862+2 = 864
```
That's only four away—not bad! But I found this way to calculate the exact number using each random number no more than once:
只相差 4 了,不错!但我发现这样可以用每个随机数不超过一次来计算出准确的数字:
```
4×2 = 8
8×100 = 800
@ -177,8 +168,7 @@ That's only four away—not bad! But I found this way to calculate the exact nu
800+68 = 868
```
或者我可以做_这些_计算来准确地得到目标数字。这只用了六个随机数中的五个
或者我可以做 _这些_ 计算来准确地得到目标数字。这只用了六个随机数中的五个:
```
4×3 = 12
@ -199,7 +189,7 @@ via: https://opensource.com/article/21/4/math-game-linux-commands
作者:[Jim Hall][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

87
published/20210426 3 beloved USB drive Linux distros.md Normal file
View File

@ -0,0 +1,87 @@
[#]: subject: (3 beloved USB drive Linux distros)
[#]: via: (https://opensource.com/article/21/4/usb-drive-linux-distro)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-13355-1.html)
爱了3 个受欢迎的 U 盘 Linux 发行版
======
> 开源技术人员对此深有体会。
![](https://img.linux.net.cn/data/attachment/album/202105/03/104610np5piwaavaa5qu2u.jpg)
Linux 用户几乎都会记得他们第一次发现无需实际安装,就可以用 Linux 引导计算机并在上面运行。当然,许多用户都知道可以引导计算机进入操作系统安装程序,但是 Linux 不同:它根本就不需要安装!你的计算机甚至不需要有一个硬盘。你可以通过一个 U 盘运行 Linux 几个月甚至几 _年_
自然,有几种不同的 “<ruby>临场<rt>live</rt></ruby>” Linux 发行版可供选择。我们向我们的作者们询问了他们的最爱,他们的回答如下。
### 1、Puppy Linux
“作为一名前 **Puppy Linux** 开发者,我对此的看法自然有些偏见,但 Puppy 最初吸引我的地方是:
* 它专注于第三世界国家容易获得的低端和老旧硬件。这为买不起最新的现代系统的贫困地区开放了计算能力
* 它能够在内存中运行,可以利用该能力提供一些有趣的安全优势
* 它在一个单一的 SFS 文件中处理用户文件和会话,使得备份、恢复或移动你现有的桌面/应用/文件到另一个安装中只需一个拷贝命令”
—— [JT Pennington][2]
“对我来说,一直就是 **Puppy Linux**。它启动迅速,支持旧硬件。它的 GUI 很容易就可以说服别人第一次尝试 Linux。” —— [Sachin Patil][3]
“Puppy 是真正能在任何机器上运行的临场发行版。我有一台废弃的 microATX 塔式电脑,它的光驱坏了,也没有硬盘(为了数据安全,它已经被拆掉了),而且几乎没有多少内存。我把 Puppy 插入它的 SD 卡插槽,运行了好几年。” —— [Seth Kenlon][4]
“我在使用 U 盘上的 Linux 发行版没有太多经验,但我把票投给 **Puppy Linux**。它很轻巧,非常适用于旧机器。”  —— [Sergey Zarubin][5]
### 2、Fedora 和 Red Hat
“我最喜欢的 USB 发行版其实是 **Fedora Live USB**。它有浏览器、磁盘工具和终端仿真器,所以我可以用它来拯救机器上的数据,或者我可以浏览网页或在需要时用 ssh 进入其他机器做一些工作。所有这些都不需要在 U 盘或在使用中的机器上存储任何数据,不会在受到入侵时被泄露。” —— [Steve Morris][6]
“我曾经用过 Puppy 和 DSL。如今我有两个 U 盘:**RHEL7** 和 **RHEL8**。 这两个都被配置为完整的工作环境,能够在 UEFI 和 BIOS 上启动。当我有问题要解决而又面对随机的硬件时,在现实生活中这就是时间的救星。” —— [Steven Ellis][7]
### 3、Porteus
“不久前,我安装了 Porteus 系统每个版本的虚拟机。很有趣,所以有机会我会再试试它们。每当提到微型发行版的话题时,我总是想起我记得的第一个使用的发行版:**tomsrtbt**。它总是安装适合放在软盘上来设计。我不知道它现在有多大用处,但我想我应该把它也算上。”  —— [Alan Formy-Duval][8]
“作为一个 Slackware 的长期用户,我很欣赏 **Porteus** 提供的 Slack 的最新版本和灵活的环境。你可以用运行在内存中的 Porteus 进行引导,这样就不需要把 U 盘连接到你的电脑上,或者你可以从驱动器上运行,这样你就可以保留你的修改。打包应用很容易,而且 Slacker 社区有很多现有的软件包。这是我唯一需要的实时发行版。” —— [Seth Kenlon][4]
### 其它Knoppix
“我已经有一段时间没有使用过 **Knoppix** 了,但我曾一度经常使用它来拯救那些被恶意软件破坏的 Windows 电脑。它最初于 2000 年 9 月发布,此后一直在持续开发。它最初是由 Linux 顾问 Klaus Knopper 开发并以他的名字命名的,被设计为临场 CD。我们用它来拯救由于恶意软件和病毒而变得无法访问的 Windows 系统上的用户文件。” —— [Don Watkins][9]
“Knoppix 对临场 Linux 影响很大,但它也是对盲人用户使用最方便的发行版之一。它的 [ADRIANE 界面][10] 被设计成可以在没有视觉显示器的情况下使用,并且可以处理任何用户可能需要从计算机上获得的所有最常见的任务。” —— [Seth Kenlon][11]
### 选择你的临场 Linux
有很多没有提到的,比如 [Slax][12](一个基于 Debian 的实时发行版)、[Tiny Core][13]、[Slitaz][14]、[Kali][15](一个以安全为重点的实用程序发行版)、[E-live][16],等等。如果你有一个空闲的 U 盘,请把 Linux 放在上面,在任何时候都可以在任何电脑上使用 Linux
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/usb-drive-linux-distro
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux_keyboard_desktop.png?itok=I2nGw78_ (Linux keys on the keyboard for a desktop computer)
[2]: https://opensource.com/users/jtpennington
[3]: https://opensource.com/users/psachin
[4]: http://opensource.com/users/seth
[5]: https://opensource.com/users/sergey-zarubin
[6]: https://opensource.com/users/smorris12
[7]: https://opensource.com/users/steven-ellis
[8]: https://opensource.com/users/alanfdoss
[9]: https://opensource.com/users/don-watkins
[10]: https://opensource.com/life/16/7/knoppix-adriane-interface
[11]: https://opensource.com/article/21/4/opensource.com/users/seth
[12]: http://slax.org
[13]: http://www.tinycorelinux.net/
[14]: http://www.slitaz.org/en/
[15]: http://kali.org
[16]: https://www.elivecd.org/

190
sources/news/20210501 Elementary OS 6 Beta Available Now- Here Are the Top New Features.md Normal file
View File

@ -0,0 +1,190 @@
[#]: subject: (Elementary OS 6 Beta Available Now! Here Are the Top New Features)
[#]: via: (https://news.itsfoss.com/elementary-os-6-beta/)
[#]: author: (Abhishek https://news.itsfoss.com/author/root/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Elementary OS 6 Beta Available Now! Here Are the Top New Features
======
The beta release of elementary OS 6 is here. It is available to download and test for the early adapters and application developers.
Before I give you the details on downloading and upgrade procedure, lets have a look at the changes this new release is bringing.
### New features in elementary OS 6 “Odin”
Every elementary OS release bases itself on an Ubuntu LTS release. The upcoming elementary OS 6, codenamed “Odin”, is based on the latest Ubuntu 20.04 LTS version.
elementary OS has an ecosystem of its own, so the similarities with Ubuntu technically ends here. The Pantheon desktop environment gives it an entire different look and feel that you see in other distributions using GNOME or KDE.
In November last year, we took the early build of elementary OS 6 for a test ride. You may see it in action in the video below.
![][1]
Things have improved and more features have been added since then. Lets take a look at them.
#### Dark theme with customization options
Dark theme is not a luxury anymore. Its popularity has forces operating system and application developers to integrate the dark mode features in their offerings.
![][2]
elementary OS is also offering a dark theme but it has a few additional features to let you enjoy the dark side.
You can choose to automatically switch to the dark theme based on the time of the day. You can also choose an accent color to go with the dark theme.
![][3]
Dont expect a flawless dark theme experience. Like every other operating system, it depends on the applications. Sandboxed Flatpak applications wont go dark automatically unlike the elementary OS apps.
#### Refreshed look and feel
There are many subtle changes to give elementary OS a refreshed look and feel.
![][2]
Youll notice more rounded bottom window corners. The typography has changed for the first time and it now uses [Inter typeface][4] instead of the usual Open Sans. Default font rendering settings opts for grayscale anti-aliasing over RGB.
![][5]
You can now give an accent color to your system. With that, the icons, media buttons etc will have the chosen accented color.
![][6]
#### Multi-touch gestures
Multi-touch gestures are a rarity in Linux desktops. However, elementary OS has worked hard to bring some multi-touch gesture support. You should be able to use it for muti-tasking view as well as for switching workspaces.
You can see it in action in this video.
Individual apps may also provide You should be able to configure it from the settings.
![][7]
The gestures will be used in some other places such as when navigating between panes and views, swiping away notifications and more.
#### New and improved installer
elementary OS 6 will also feature a brand-new installer. This is being developed together with Linux system manufacturer System76. elementary OS team worked on the front end and the System76 team worked on the back end of the installer.
The new installer aims to improve the experience more both from an OS and OEM perspective.
![][8]
![][8]
![][9]
![][9]
![][9]
![][10]
![][10]
![][9]
![][9]
The new installer also plans to have the capability of a creating a recovery partition (which is basically a fresh copy of the operating system). This will make reinstalling and factory resetting the elementary OS a lot easier.
#### Flatpak all the way
You could already use [Flatpak][11] applications in elementary OS 5. Here, the installed application is local to the user account (in its home directory).
elementary OS 6 supports sharing Flatpak apps system wide. This is part of the plan to ship applications in elementary OS as Flatpaks out of the box. It should be ready by the final stable release.
#### Firmware updates from the system settings
elementary OS 6 will notify you of updatable firmware in the system settings. This is for hardware that is compatible with [fwupd][12]. You can download the firmware updates from the settings. Some firmware updates are installed on the next reboot.
![][13]
#### No Wayland
While elementary OS 6 code has some improved support for Wayland in the department of screenshots, it wont be ditching Xorg display server just yet. Ubuntu 20.04 LTS stuck with Xorg and elementary OS 6 will do the same.
#### Easier feedback reporting mechanism
I think this is for the beta testers so that they can easily provide feedback on various system components and functionality. I am not sure if the feedback tool will make its way to the final stable release. However, it is good to see a dedicated, easy to use tool that will make it easier to get feedback from less technical or lazy people (like me).
![][14]
#### Other changes
Here are some other changes in the new version of elementary OS:
* screen locking and sleep experience should be much more reliable and predictable
* improved accessibility features
* improved notifications with emoji support
* Epiphany browser becomes default
* New Task app
* Major rewrite of the Mail application
* Option to show num lock and caps lock in the panel
* Improved booting experience with OEM logo
* Improved performance on lower-clocked processors and slower storage mediums like SD cards
More details can be found on the [official blog of elementary OS][15].
### Download and install elementary OS 6 beta (for testing purpose)
Please note that the experimental [support for Raspberry Pi like ARM devices][16] is on pause for now. You wont find beta download for ARM devices.
There is no way to update elementary OS 5 to the beta of version 6. Also note that if you install elementary OS 6 beta, you will **not be able to upgrade to the final stable release**. Youll need to install it afresh.
Another thing is that some of the features I mentioned are not finished yet so expect some bugs and hiccups. It is better to use it on a spare system or in a virtual machine.
The beta is available for testing for free and you can download the ISO from the link below:
[Download elementary OS 6 beta][17]
### When will elementary OS 6 finally release?
No one can tell that, not even the elementary OS developers. They dont work with a fixed release date. It will be released when the planned features are stable. If I had to guess, I would say expect it in early July.
elementary OS 6 is one of the [most anticipated Linux distributions of 2021][18]. Are you liking the new features? How is the new look in comparison to [Zorin OS 16 beta][19]?
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/elementary-os-6-beta/
作者:[Abhishek][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/root/
[b]: https://github.com/lujun9972
[1]: https://i2.wp.com/i.ytimg.com/vi/ciIeX9b5_A4/hqdefault.jpg?w=780&ssl=1
[2]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[3]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzU2Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[4]: https://rsms.me/inter/
[5]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzYxMycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[6]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzY2Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[7]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzU0MScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[8]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUzOScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[9]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUzNCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[10]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ5Nycgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[11]: https://itsfoss.com/what-is-flatpak/
[12]: https://fwupd.org/
[13]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzUyMScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[14]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzQ3NScgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[15]: https://blog.elementary.io/elementary-os-6-odin-beta/
[16]: https://news.itsfoss.com/elementary-os-raspberry-pi-release/
[17]: https://builds.elementary.io/
[18]: https://news.itsfoss.com/linux-distros-for-2021/
[19]: https://news.itsfoss.com/zorin-os-16-beta/

101
sources/news/20210502 Google-s FLoC is Based on the Right Idea, but With the Wrong Implementation.md Normal file
View File

@ -0,0 +1,101 @@
[#]: subject: (Googles FLoC is Based on the Right Idea, but With the Wrong Implementation)
[#]: via: (https://news.itsfoss.com/google-floc/)
[#]: author: (Jacob Crume https://news.itsfoss.com/author/jacob/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Googles FLoC is Based on the Right Idea, but With the Wrong Implementation
======
Cookies, the well-known web technology, have been a key tool in web developers toolkits for years. They have given us the ability to store passwords, logins, and other essential data that allows us to use the modern web.
However, the technology has been used lately for more invasive purposes: serving creepily targeted ads.
Recently, Google claimed to have the solution to this privacy crisis with their new FLoC initiative.
### What is FLoC?
![][1]
FLoC (Federated Learning of Cohorts) is a new technology that aims to solve the privacy concerns associated with cookies. Unlike the old way of using 3rd party cookies to build an advertising ID, FLoC uses data from your searches to place you into a predefined group (called a cohort) of people interested in similar topics as you.
Advertisers can then serve the same ads to the group of people that are most likely to purchase their product. Because FLoC is built into Chrome, it can collect much more data than third-party cookies. For the average consumer, this should be a huge concern.
In simple terms, if cookies were bad, then FLoC is down-right evil.
### Whats Wrong With Floc?
Simply put, FLoC collects much more data than traditional cookies. This allows advertisers to serve more targeted ads, driving up sales.
Alongside the data concerns, there also some more specific issues associated with it. These include:
* More predictability
* Much easier browser fingerprinting
* The ability to link a user with their browsing habits
All of these issues join together to create the privacy disaster that FLoC is, with heaps of negative impacts on the user.
#### More Predictability
With the rise of machine learning and AI, companies such as Google and Facebook have gained the ability to make shockingly accurate predictions. With the extra data they will have because of FLoC, these predictions could be taken to a whole new level.
The result of this would be a new wave of highly-targeted ads and tracking. Because all your data is in your cohort id, it will be much better for companies to predict your interests and skills.
#### Browser Fingerprinting
Browser fingerprinting is the act of taking small and seemingly insignificant pieces of data to create an ID for a web browser. While no browser has managed to fully stop fingerprinting, some browsers (such as Tor) have managed to limit their fingerprinting abilities at the expense of some features.
Floc enables large corporations to take this shady practice to a whole new level through the extra data it presents.
#### Browsing Habit Linking
Your cohort id is supposed to be anonymous, but when combined with a login, it can be tracked right back to you. This effectively eliminates the privacy benefits FLoC has (standardized tracking) and further worsens the privacy crisis caused by this technology.
This combination of your login and cohort ID is effectively a goldmine for advertisers.
### Cookies are Bad, but so is FLoC
Cookies have been living on their last legs for the past decade. They have received widespread criticism for privacy issues, particularly from open-source advocates such as Mozilla and the FSF.
Instead of replacing them with an even more invasive technology, why not create an open and privacy respecting alternative? We can be sure that none of the large advertisers (Google and Facebook) would do such a thing as this is a crucial part of their profit-making ability.
Googles FLoC **not a sustainable replacement for cookies**, and it must go.
### Wrapping Up
With the amount of criticism Google has received in the past for their privacy policies, you would think they would improve. Unfortunately, this seems not to be the case, with their data collection becoming more widespread by the day.
FLoC seems to be the last nail in the coffin of privacy. If we want internet privacy, FLoC needs to go.
If you want to check if you have been FLoCed, you can check using a web tool by EFF [Am I FLoCed?][2], if you are using Google Chrome version 89 or newer.
What do you think about FLoC? Let me know in the comments below!
_The views and opinions expressed are those of the authors and do not necessarily reflect the official policy or position of Its FOSS._
#### Big Tech Websites Get Millions in Revenue, It's FOSS Got You!
If you like what we do here at It's FOSS, please consider making a donation to support our independent publication. Your support will help us keep publishing content focusing on desktop Linux and open source software.
I'm not interested
--------------------------------------------------------------------------------
via: https://news.itsfoss.com/google-floc/
作者:[Jacob Crume][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://news.itsfoss.com/author/jacob/
[b]: https://github.com/lujun9972
[1]: data:image/svg+xml;base64,PHN2ZyBoZWlnaHQ9JzMyNCcgd2lkdGg9Jzc4MCcgeG1sbnM9J2h0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnJyB2ZXJzaW9uPScxLjEnLz4=
[2]: https://amifloced.org/

92
sources/talk/20210502 15 unusual paths to tech.md Normal file
View File

@ -0,0 +1,92 @@
[#]: subject: (15 unusual paths to tech)
[#]: via: (https://opensource.com/article/21/5/unusual-tech-career-paths)
[#]: author: (Jen Wike Huger https://opensource.com/users/jen-wike)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
15 unusual paths to tech
======
Our past lives can be exciting and funny. Here are some surprising ways
folks have made their way to open source.
![Looking at a map for career journey][1]
The lives we led before we arrived where we are now sometimes feel like a distant land full of memories we can't quite recall. And sometimes we have lived experiences that we'll just never forget. Many times those experiences teach us and help us appreciate where we are today. We may even wish for those days as we recount our past lives.
What did you do before tech? Tell us in the comments.
I did **janitorial work** in the university cafeteria after it closed every day, and I got extra pay cleaning it up after live gigs held there (which happened about 4 times a year). We started to clean up for the following morning after the venue was vacated about 4 am, and had to get it cleaned and set up for opening the following morning at 7 am. That was fun. I worked summers in a livestock mart in the West of Ireland, running the office, keeping the account books, minding the cash that came through. I also had stints as a barman, lecturer, and TA at a local university while I was a post-grad, and once spent a few days stocking a ship with boxes of frozen fish in a Dutch port. —[Dave Neary][2]
I was a **musician** in the Marine Corps, but being a bassoonist in the Corps means that you're mostly playing bass drum. After burning out, I changed to data comms for my second enlistment. —Waldo
My last job before tech was as **a papermaker at a hi-speed newsprint plant** around 1990-1998. I loved this job, working with huge machines and a nice product. I did a lot of jobs from clamp lift driver to planner shipments abroad and back to production. What led me to tech was a program at the paper mill; they had a budget for everyone to get a PC. Honestly, for me, it was super vague what purpose that would serve me. But not long after I got into web design with a colleague, I became a hardcore XHTML and CSS frontend developer with the help of my PC. —[Ben Van 't Ende][3]
I worked at McDonald's through high school and college. In summers, I also worked at **a few factory jobs, a screw and bolt factory,** where I got to drive a forklift (which is heaven for an 18-year-old). I also worked at a plastics factory, eventually on the shipping deck. My first tech job was in 1982 for Westwood Family Dentistry. This was a large, mall dentistry chain and they were paying me to write their front desk software and billing software on [MP/M-based][4] PCs from Televideo. If you ever watched the movie "War Games," these are the terminals Mathew Broderick used. This was prior to Microsoft releasing MS-DOS. The code was written in Cobol. —[Daniel Walsh][5]
I was a **sound engineer recording audiobooks** for visually impaired people. There was a global project to set up a new global standard and move to digital recordings which became the DAISY standard and system. After that, I moved to the IT department in the company I worked for. —[Jimmy Sjölund ][6]
Before tech, I was working in **public relations** at an agency that specialized in high tech, scientific, and research clients. I convinced the agency to start working with online information, and my first project in that arena was creating a weekly intelligence report for the Semiconductor Industry Association, based on posts in newsgroups like comp.arch and comp.realtime. When the World Wide Web (yes, that's how everyone referred to it at the time) began becoming more well-known one of my PR clients (a lawyer for tech startups) asked me if I knew how it worked. I did (and told him so), and he hired me to create his firm's website. The site, for Womble, Carlyle, Sandridge &amp; Rice, was the first law firm website in North Carolina. A few more requests in the same vein later, I'd shifted my focus to online-only, leading to 20+ year career in web strategy. —[Gina Likins ][7]
I graduated in humanities in 1978 and started to teach human geography at Milan University while working as a **map editor** at Touring Club Italiano, at the time the largest map publisher in Italy. I soon realized that a career in geography was good for the mind but bad for the wallet, so I moved to a Swedish company, Atlas Copco, as house organ editor. Thanks to a very open-minded manager, I learned an awful lot in term of marketing communications, so after a couple of years I decided that it was time to challenge my skills in real marketing, and I was hired by Honeywell Information Systems, at the time second only to IBM in the information technology market. Although I was hired to manage marketing communications of PC compatible printers, after six months I was promoted to European Marketing Director, and after a couple of years, I become Corporate VP of Peripherals Marketing. In 1987, I moved to real PR at SCR (now Weber Shandwick), then Burson Marsteller, and then Manning Selvage &amp; Lee. In 1992, I started my own PR agency, which was acquired by Fleishman-Hillard in 1998. In 2003, I left Fleishman-Hillard as Senior VP of Technology Communications, to start a freelancing career. While looking at the tools for the trade, I stumbled on OpenOffice, and at age 50 I eventually entered the FOSS community as a volunteer handling marketing and PR (of course). In 2010, at age 56, I was one of the founders of the LibreOffice project, and I am still enjoying the fun here (and in several other places, such as OSI, OASIS, and LibreItalia). —
[Italo Vignoli ][8]
Right after college at age 23, I had a job where I went to hot zones around the US wherever there were **toxic spills or man-made chemical disasters**. So I visited some real cesspools in America full of death and misery and lived there for months at a time. I was there to support the investigators of the Agency for Toxic Substances and Disease Registry and the Center for Disease Control by editing the interviews they collected for clarity and sending them to the home office in Atlanta by modem. That job extended in technical responsibility with every new place they sent me off to, but it was awesome! I was 100% focused on being a toxicologist by that point. So after that, I got a job as a network analyst for the University of Buffalo medical school so I could get discounted tuition to attend the med school. I even taught medical computing to other 25-year-olds my age and saw my future in med technology. But after a year I realized I couldn't do eight more years of university. I didn't even like most doctors I had to work with. The scientists (PhDs) were awesome but the MDs were pretty mean to me. That's when my boss said to me that my true passion was hacking and he thought I was good at it. I told him he was crazy and that medicine was the future, not security. Then he quit, and I didn't like my new boss even more so I quit. I then got an offer to help start IBM's new Ethical Hacking service called eSecurity. And that's how I became a professional hacker. —[Pete Herzog][9]
I was always in information technology, it's just that the technology evolved. When I was still in elementary school, I delivered newspapers, which I would argue to be information produced by information technology. In high school, I continued that but eventually was fetching and storing data from the "stacks" at the local library (as well as doing lookups, working with punch cards, etc: Our books had punch cards for return by dates. So, when someone checked out a book, we would use a microfilm (or was it a microfiche?) camera to photograph the book description card, and a punch card which would then be inserted into the book's pocket. Upon return, the punch cards were removed and stacked to be sent through a card sorter, that -- presumably -- would do something about any cards missing from the sequence. (We weren't privy to the sorter or any computer that might have been attached. The branch would pack up the punch cards and send them to the main library.) As mentioned in a previous article for OpenSource.com, I was introduced to my first computer in high school. I had a job as a graveyard shift computer operator at a local hospital, mounting the tapes, running the backups, running batch jobs that printed reports on five-part carbon -- which left me with a deep-seated hatred for line-printers -- and then delivering those reports throughout the hospital -- kind of like being a newspaper delivery boy again. Then, college, where I ended up being the operator / "sys admin" (well, that last is a bit of a stretch, but not much) of a Data General Nova 3. And finally, onto an internship as a coder that, like Zonker T. Harris, I never left. —[Kevin Cole][10]
Probably the most surprising jobs I had before working in free and open source software (FOSS) were:
* Political organizer working on state-level campaigns for marriage equality, a higher minimum wage and increased transparency in state government
* Local music promoter, booking and promoting shows with noise bands, experimental acts and heavy rock, etc
* Cocktail waitress/bouncer/spotlight operator at a drag bar, whatever they needed that night
—[Deb Nicholson][11]
I never had a job in tech but was a neurologist. After going through the extended initiation of learning Linux, installing it on various machines, I then used it in my practice. I used to have my own computer in the office, running Linux, in addition to the office's system. As far as I know, I was the only doctor to carry around a laptop while on rounds in the hospital. There I kept my patient list, their diagnoses, and which days I visited them, all in a Postgres database. I would then submit my lists and charges for the day to the office from this database. With the hospital's wifi, I had access to the electronic data and lab results also. I would do EMGs (electromyography) and for a while used TeX to generate the reports, but later found that Scribus worked better, with some basic information contained in a file. I would then type out the final report myself. I could have a patient go straight to his doctor's office after the test, carrying a final report with him. To facilitate this, once I found that we had some space set aside for us doctors on the hospital's server, I could install Scribus there for various uses. When I saw a patient who needed one or more prescriptions, I wrote a little Python script to make use of Avery labels, which I would then paste on a prescription blank and sign. Without a doubt, I had the most legible prescriptions you would ever see from a doctor. Patients would tell me later when they went to the pharmacy, the pharmacist would look at the prescription and say, "What's this?!". If I was doing this for a hospitalized patient, this meant I could make an extra copy and take it to the office to put in the patient's chart also. While we still had paper charts in the hospital (used for doctors' notes) I made a mock-up of a physicians' notes and orders page in Scribus with Python, and when I saw a patient, I would enter my notes there, then print out on a blank sheet with the necessary holes to fit in the chart. These pages were complete with the barcode for the page type and also the barcode for the patient's hospital number, generated with that Python script. After an experience of waiting a week or two for my office dictation to come back so I could sign it, I started typing my own office notes, starting with typing notes as I talked to the patient, then once they were gone, typing out a letter to go to the referring physician. So I did have a job in tech, so to speak, because I made it so. —[Greg Pittman][12]
I started my career as a journalist covering the European tech sector while living in London after grad school. I was still desperate to be a journalist despite the writing on that profession's wall. I didn't care which beat I covered, I just wanted to write. It ended up being the perfect way to learn about technology: I didn't need to be the expert, I just had to find the right experts and ask the right questions. The more I learned, the more curious I became. I eventually realized that I wanted to stop writing about tech companies and start joining them. Nearly nine years later, here I am. —[Lauren Maffeo][13]
Well, that degree in English Literature and Theology didn't really set me up for a career in computing, so my first job was *supposed *to be teaching (or training to be a teacher in) English for 11-18-year-olds. I suppose my first real job was working at the Claremont Vaults in Weston-super-mare. It was a real dive, at the wrong end of the seafront, was smoke-filled at all times (I had to shower and wash my hair as soon as I got home every night), and had 3 sets of clientele:
* The underage kids. In the UK, this meant 16 and 17-year-olds pretending to be 18. They were generally little trouble, and we'd ask them to leave if it was too obvious they were too young. They'd generally shrug and go onto the next pub.
* The truckers. Bizarrely (to 18-year-old me, anyway), the nicest folks we had there. Never any trouble, paid-up, didn't get too smashed, played a lot of Country on the jukebox.
* The OAPs (Old-Age Pensioners). Thursday night was the worst, as pensions (in those days) were paid on Thursdays, so the OAPs would make their way down the hill to the nearest post office, get their pension, and then head to the pub to get absolutely ratted. They'd get drunk, abusive, and unpleasant, and Thursdays were always the shift to try to avoid. I don't miss it, but it was an education for an entitled, privately-educated boarding-school boy with little clue about the real world!
—[Mike Bursell][14]
In no particular order: **proofreader, radio station disk jockey,** bookkeeper, archaeology shovelbum, reactor operator, welder, apartment maintenance and security, rent-to-own collections, electrician's helper, sunroom construction... and I'm definitely missing a few. The question isn't so much "what led me to tech" as "what kept me from it," the answer is insufficient personal connections and money. My entire life was leading me to tech, it was just a long, rocky, stumbling road to get there. I might never have gotten there, if I hadn't gotten an injury on the construction job serious enough to warrant six months of light duty—the company decided to have me come into the office and "I don't know, make copies or something" rather than just paying me to sit at home, and I parlayed that into an opportunity to make myself absolutely indispensable and turned it into a job as the company's first Information Technology Manager. It's probably worth noting that the actual conversion to IT Manager didn't just happen because I made myself indispensable—it also happened because I literally cornered the CEO a week prior to me going back out into the field to build sunrooms, and made a passionate case for why it would be an enormous waste to do that. Lucky for me, that particular CEO appreciated aggressive ambition, and promptly gave me a raise and a job title. —[Jim Salter][15]
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/unusual-tech-career-paths
作者:[Jen Wike Huger][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jen-wike
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/career_journey_road_gps_path_map_520.png?itok=PpL6jJgY (Looking at a map for career journey)
[2]: https://opensource.com/users/dneary
[3]: https://opensource.com/users/benvantende
[4]: https://en.wikipedia.org/wiki/MP/M
[5]: https://opensource.com/users/rhatdan
[6]: https://opensource.com/users/jimmysjolund
[7]: https://opensource.com/users/lintqueen
[8]: https://opensource.com/users/italovignoli
[9]: https://opensource.com/users/peteherzog
[10]: https://opensource.com/users/kjcole
[11]: https://opensource.com/users/eximious
[12]: https://opensource.com/users/greg-p
[13]: https://opensource.com/users/lmaffeo
[14]: https://opensource.com/users/mikecamel
[15]: https://opensource.com/users/jim-salter

352
sources/tech/20210421 Build smaller containers.md
View File

@ -1,352 +0,0 @@
[#]: subject: (Build smaller containers)
[#]: via: (https://fedoramagazine.org/build-smaller-containers/)
[#]: author: (Daniel Schier https://fedoramagazine.org/author/danielwtd/)
[#]: collector: (lujun9972)
[#]: translator: (ShuyRoy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Build smaller containers
======
![build smaller containers][1]
Otter image excerpted from photo by [Dele Oluwayomi][2] on [Unsplash][3]
Working with containers is a daily task for many users and developers. Container developers often need to (re)build container images frequently. If you develop containers, have you ever thought about reducing the image size? Smaller images have several benefits. They require less bandwidth to download and they save costs when run in cloud environments. Also, using smaller container images on Fedora [CoreOS][4], [IoT][5] and [Silverblue][6] improves overall system performance because those operating systems rely heavily on container workflows. This article will provide a few tips for reducing the size of container images.
### The tools
The host operating system in the following examples is Fedora Linux 33. The examples use [Podman][7] 3.1.0 and [Buildah][8] 1.2.0. Podman and Buildah are pre-installed in most Fedora Linux variants. If you dont have Podman or Buildah installed, run the following command to install them.
```
$ sudo dnf install -y podman buildah
```
### The task
Begin with a basic example. Build a web container meeting the following requirements.
* The container must be based on Fedora Linux
* Use the Apache httpd web server
* Include a custom website
* The container should be relatively small
The following steps will also work on more complex images.
### The setup
First, create a project directory. This directory will include your website and container file.
```
$ mkdir smallerContainer
$ cd smallerContainer
$ mkdir files
$ touch files/index.html
```
Make a simple landing page. For this demonstration, you may copy the below HTML into the _index.html_ file.
```
<!doctype html>
<html lang="de">
<head>
<title>Container Page</title>
</head>
<body>
<header>
<h1>Container Page</h1>
</header>
<main>
<h2>Fedora</h2>
<ul>
<li><a href="https://getfedora.org">Fedora Project</a></li>
<li><a href="https://docs.fedoraproject.org/">Fedora Documentation</a></li>
<li><a href="https://fedoramagazine.org">Fedora Magazine</a></li>
<li><a href="https://communityblog.fedoraproject.org/">Fedora Community Blog</a></li>
</ul>
<h2>Podman</h2>
<ul>
<li><a href="https://podman.io">Podman</a></li>
<li><a href="https://docs.podman.io/">Podman Documentation</a></li>
<li><a href="https://github.com/containers/podman">Podman Code</a></li>
<li><a href="https://podman.io/blogs/">Podman Blog</a></li>
</ul>
<h2>Buildah</h2>
<ul>
<li><a href="https://buildah.io">Buildah</a></li>
<li><a href="https://github.com/containers/buildah">Buildah Code</a></li>
<li><a href="https://buildah.io/blogs/">Buildah Blog</a></li>
</ul>
<h2>Skopeo</h2>
<ul>
<li><a href="https://github.com/containers/skopeo">skopeo Code</a></li>
</ul>
<h2>CRI-O</h2>
<ul>
<li><a href="https://cri-o.io/">CRI-O</a></li>
<li><a href="https://github.com/cri-o/cri-o">CRI-O Code</a></li>
<li><a href="https://medium.com/cri-o">CRI-O Blog</a></li>
</ul>
</main>
</body>
</html>
```
Optionally, test the above _index.html_ file in your browser.
```
$ firefox files/index.html
```
Finally, create a container file. The file can be named either _Dockerfile_ or _Containerfile_.
```
$ touch Containerfile
```
You should now have a project directory with a file system layout similar to what is shown in the below diagram.
```
smallerContainer/
|- files/
| |- index.html
|
|- Containerfile
```
### The build
Now make the image. Each of the below stages will add a layer of improvements to help reduce the size of the image. You will end up with a series of images, but only one _Containerfile_.
#### Stage 0: a baseline container image
Your new image will be very simple and it will only include the mandatory steps. Place the following text in _Containerfile_.
```
# Use Fedora 33 as base image
FROM registry.fedoraproject.org/fedora:33
# Install httpd
RUN dnf install -y httpd
# Copy the website
COPY files/* /var/www/html/
# Expose Port 80/tcp
EXPOSE 80
# Start httpd
CMD ["httpd", "-DFOREGROUND"]
```
In the above file there are some comments to indicate what is being done. More verbosely, the steps are:
1. Create a build container with the base FROM registry.fedoraproject.org/fedora:33
2. RUN the command: _dnf install -y httpd_
3. COPY files relative to the _Containerfile_ to the container
4. Set EXPOSE 80 to indicate which port is auto-publishable
5. Set a CMD to indicate what should be run if one creates a container from this image
Run the below command to create a new image from the project directory.
```
$ podman image build -f Containerfile -t localhost/web-base
```
Use the following command to examine your images attributes. Note in particular the size of your image (467 MB).
```
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-base latest ac8c5ed73bb5 5 minutes ago 467 MB
registry.fedoraproject.org/fedora 33 9f2a56037643 3 months ago 182 MB
```
The example image shown above is currently occupying 467 MB of storage. The remaining stages should reduce the size of the image significantly. But first, verify that the image works as intended.
Enter the following command to start the container.
```
$ podman container run -d --name web-base -P localhost/web-base
```
Enter the following command to list your containers.
```
$ podman container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d24063487f9f localhost/web-base httpd -DFOREGROUN... 2 seconds ago Up 3 seconds ago 0.0.0.0:46191->80/tcp web-base
```
The container shown above is running and it is listening on port _46191_. Going to _localhost:46191_ from a web browser running on the host operating system should render your web page.
```
$ firefox localhost:46191
```
#### Stage 1: clear caches and remove other leftovers from the container
The first step one should always perform to optimize the size of their container image is “clean up”. This will ensure that leftovers from installations and packaging are removed. What exactly this process entails will vary depending on your container. For the above example you can just edit _Containerfile_ to include the following lines.
```
[...]
# Install httpd
RUN dnf install -y httpd && \
dnf clean all -y
[...]
```
Build the modified _Containerfile_ to reduce the size of the image significantly (237 MB in this example).
```
$ podman image build -f Containerfile -t localhost/web-clean
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-clean latest f0f62aece028 6 seconds ago 237 MB
```
#### Stage 2: remove documentation and unneeded package dependencies
Many packages will pull in recommendations, weak dependencies and documentation when they are installed. These are often not needed in a container and can be excluded. The _dnf_ command has options to indicate that it should not include weak dependencies or documentation.
Edit _Containerfile_ again and add the options to exclude documentation and weak dependencies on the _dnf install_ line:
```
[...]
# Install httpd
RUN dnf install -y httpd --nodocs --setopt install_weak_deps=False && \
dnf clean all -y
[...]
```
Build _Containerfile_ with the above modifications to achieve an even smaller image (231 MB).
```
$ podman image build -f Containerfile -t localhost/web-docs
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-docs latest 8a76820cec2f 8 seconds ago 231 MB
```
#### Stage 3: use a smaller container base image
The prior stages, in combination, have reduced the size of the example image by half. But there is still one more thing that can be done to reduce the size of the image. The base image _registry.fedoraproject.org/fedora:33_ is meant for general purpose use. It provides a collection of packages that many people expect to be pre-installed in their Fedora Linux containers. The collection of packages provided in the general purpose Fedora Linux base image is often more extensive than needed, however. The Fedora Project also provides a _fedora-minimal_ base image for those who wish to start with only the essential packages and then add only what they need to achieve a smaller total image size.
Use _podman image search_ to search for the _fedora-minimal_ image as shown below.
```
$ podman image search fedora-minimal
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
fedoraproject.org registry.fedoraproject.org/fedora-minimal 0
```
The _fedora-minimal_ base image excludes [DNF][9] in favor of the smaller [microDNF][10] which does not require Python. When _registry.fedoraproject.org/fedora:33_ is replaced with _registry.fedoraproject.org/fedora-minimal:33_, _dnf_ needs to be replaced with _microdnf_.
```
# Use Fedora minimal 33 as base image
FROM registry.fedoraproject.org/fedora-minimal:33
# Install httpd
RUN microdnf install -y httpd --nodocs --setopt install_weak_deps=0 && \
microdnf clean all -y
[...]
```
Rebuild the image to see how much storage space has been recovered by using _fedora-minimal_ (169 MB).
```
$ podman image build -f Containerfile -t localhost/web-docs
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-minimal latest e1603bbb1097 7 minutes ago 169 MB
```
The initial image size was **467 MB**. Combining the methods detailed in each of the above stages has resulted in a final image size of **169 MB**. The final _total_ image size is smaller than the original _base_ image size of 182 MB!
### Building containers from scratch
The previous section used a container file and Podman to build a new image. There is one last thing to demonstrate — building a container from scratch using Buildah. Podman uses the same libraries to build containers as Buildah. But Buildah is considered a pure build tool. Podman is designed to work as a replacement for Docker.
When building from scratch using Buildah, the container is empty — there is _nothing_ in it. Everything needed must be installed or copied from outside the container. Fortunately, this is quite easy with Buildah. Below, a small Bash script is provided which will build the image from scratch. Instead of running the script, you can run each of the commands from the script individually in a terminal to better understand what is being done.
```
#!/usr/bin/env bash
set -o errexit
# Create a container
CONTAINER=$(buildah from scratch)
# Mount the container filesystem
MOUNTPOINT=$(buildah mount $CONTAINER)
# Install a basic filesystem and minimal set of packages, and nginx
dnf install -y --installroot $MOUNTPOINT --releasever 33 glibc-minimal-langpack httpd --nodocs --setopt install_weak_deps=False
dnf clean all -y --installroot $MOUNTPOINT --releasever 33
# Cleanup
buildah unmount $CONTAINER
# Copy the website
buildah copy $CONTAINER 'files/*' '/var/www/html/'
# Expose Port 80/tcp
buildah config --port 80 $CONTAINER
# Start httpd
buildah config --cmd "httpd -DFOREGROUND" $CONTAINER
# Save the container to an image
buildah commit --squash $CONTAINER web-scratch
```
Alternatively, the image can be built by passing the above script to Buildah. Notice that root privileges are not required.
```
$ buildah unshare bash web-scratch.sh
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-scratch latest acca45fc9118 9 seconds ago 155 MB
```
The final image is only **155 MB**! Also, the [attack surface][11] has been reduced. Not even DNF (or microDNF) is installed in the final image.
### Conclusion
Building smaller container images has many advantages. Reducing the needed bandwidth, the disk footprint and attack surface will lead to better images overall. It is easy to reduce the footprint with just a few small changes. Many of the changes can be done without altering the functionality of the resulting image.
It is also possible to build very small images from scratch which will only hold the needed binaries and configuration files.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/build-smaller-containers/
作者:[Daniel Schier][a]
选题:[lujun9972][b]
译者:[ShuyRoy](https://github.com/Shuyroy)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/danielwtd/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/podman-smaller-1-816x345.jpg
[2]: https://unsplash.com/@errbodysaycheese?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[3]: https://unsplash.com/s/photos/otter?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[4]: https://fedoramagazine.org/getting-started-with-fedora-coreos/
[5]: https://getfedora.org/en/iot/
[6]: https://fedoramagazine.org/what-is-silverblue/
[7]: https://podman.io/
[8]: https://buildah.io/
[9]: https://github.com/rpm-software-management/dnf
[10]: https://github.com/rpm-software-management/microdnf
[11]: https://en.wikipedia.org/wiki/Attack_surface

2
sources/tech/20210427 What-s new in Fedora Workstation 34.md
View File

@ -2,7 +2,7 @@
[#]: via: (https://fedoramagazine.org/whats-new-fedora-34-workstation/)
[#]: author: (Christian Fredrik Schaller https://fedoramagazine.org/author/uraeus/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

44
sources/tech/20210501 Flipping burgers to flipping switches- A tech guy-s journey.md Normal file
View File

@ -0,0 +1,44 @@
[#]: subject: (Flipping burgers to flipping switches: A tech guy's journey)
[#]: via: (https://opensource.com/article/21/5/open-source-story-burgers)
[#]: author: (Clint Byrum https://opensource.com/users/spamaps)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Flipping burgers to flipping switches: A tech guy's journey
======
You never know how your first job might influence your career path.
![Multi-colored and directional network computer cables][1]
In my last week of high school in 1996, I quit my job at Carl's Jr. because I thought maybe without school, I'd have time to learn enough skills to get hired at a PC shop or something. I didn't know that I actually had incredibly marketable skills as a Linux sysadmin and C programmer, because I was the only tech person I'd ever known (except the people I chatted with on Undernet's #LinuxHelp channel).
I applied at a local company that had maybe the weirdest tech mission I've experienced: Its entire reason for existing was the general lack of industrial-sized QIC-80 tape-formatting machines. Those 80MB backup tapes (gargantuan at a time when 200MB hard disks were huge) were usually formatted at the factory as they came off the line, or you could buy them already formatted at a significantly higher price.
One of the people who developed that line at 3M noticed that formatting them took an hour—over 90% of their time in manufacturing. The machine developed to speed up formatting was, of course, buggy and years too late.
Being a shrewd businessman, instead of fixing the problem for 3M, he quit his job, bought a bunch of cheap PCs and a giant pile of unformatted tapes, and began paying minimum wage to workers in my hometown of San Marcos, Calif., to stuff them into the PCs and pull them out all day long. Then he sold the formatted tapes at a big markup—but less than what 3M charged for them. It was a success.
By the time I got there in 1996, they'd streamlined things a bit. They had a big degaussing machine, about 400 486 PCs stuffed with specialized floppy controllers so that you could address eight tape drives in one machine, custom software (including hardware multiplexers for data collection), and contracts with all the major tape makers (Exabyte, 3M, etc.). I thought I was coming in to be a PC repair tech, as I had passed the test, which asked me to identify all the parts of a PC.
A few weeks in, the lead engineer noticed I had an electronics book (I was studying electronics at [ITT Tech][2], of all places) and pulled me in to help him debug and build the next feature they had cooked up—a custom printed circuit board (PCB) that lit up LEDs to signal a tape's status: formatting (yellow), error (red), or done (green). I didn't write any code or do anything useful, but he still told me I was wasting my time there and should go out and get a real tech job.
That "real tech job" I got was as a junior sysadmin for a local medical device manufacturer. I helped bridge their HP-UX ERP system to their new parent company's Windows NT printers using Linux and Samba—and I was hooked forever on the power of free and open source software (FOSS). I also did some fun debugging while I was there, which you can [read about][3] on my blog.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/5/open-source-story-burgers
作者:[Clint Byrum][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/spamaps
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/connections_wires_sysadmin_cable.png?itok=d5WqHmnJ (Multi-colored and directional network computer cables)
[2]: https://en.wikipedia.org/wiki/ITT_Technical_Institute
[3]: https://fewbar.com/2020/04/a-bit-of-analysis/

183
sources/tech/20210502 Fedora Vs Red Hat- Which Linux Distro Should You Use and Why.md Normal file
View File

@ -0,0 +1,183 @@
[#]: subject: (Fedora Vs Red Hat: Which Linux Distro Should You Use and Why?)
[#]: via: (https://itsfoss.com/fedora-vs-red-hat/)
[#]: author: (Sarvottam Kumar https://itsfoss.com/author/sarvottam/)
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
Fedora Vs Red Hat: Which Linux Distro Should You Use and Why?
======
Fedora and Red Hat. Both Linux distributions belong to the same organization, both use RPM package manager and both provide desktop and server editions. Both Linux distributions have a greater impact on the operating system world.
This is why it is easier to get confused between the two similar distributions. In this article, I will discuss the similarities and difference between Red Hat and Fedora.
This will help you if you want to choose between the two or simply want to understand the concept of having two distributions from the same organization.
### Difference Between Fedora And RHEL
![][1]
Lets talk about the difference between the two distributions first.
#### Community Version vs Enterprise Version
Back in 1995, Red Hat Linux had its first non-beta release, which was sold as a boxed product. It was also called Red Hat Commercial Linux.
Later in 2003, Red Hat turned Red Hat Linux into a Red Hat Enterprise Linux (RHEL) focussed completely on enterprise customers. Since then, Red Hat is an enterprise version of Linux distribution.
What it means is that you have to subscribe and pay to use Red Hat as it is not available as a free OS. Even all software, bug fixes, and security support are available for only those who have an active Red Hat subscription.
At the time when Red Hat Linux became RHEL, it also resulted in the foundation of the Fedora Project that takes care of the development of Fedora Linux.
Unlike Red Hat, Fedora is a community version of the Linux distribution that is available at free of cost for everyone including bug fixes and other services.
Even though Red Hat sponsors the Fedora Project, Fedora Linux is primarily maintained by an independent open source community.
#### Free vs Paid
Well, you will find the majority of Linux distributions are available to download free of cost. Fedora Linux is also one such distro, whose desktop, server, all other editions, and spins are freely [available to download][2].
There are still Linux distros for which you have to pay. Red Hat Enterprise Linux is one such popular Linux-based operating system that comes at cost of money.
Except for the RHEL [developer version][3] which costs $99, you have to pay more than $100 to purchase [other RHEL versions][4] for servers, virtual datacenters, and desktops.
However, if you happen to be an individual developer, not an organization or team, you can join [Red Hat Developer Program][5]. Under the program, you get access to Red Hat Enterprise Linux including other products at no cost for a period of 12 months.
#### Upstream vs Downstream
Fedora is upstream of RHEL and RHEL is downstream of Fedora. This means when a new version of Fedora releases with new features and changes, Red Hat makes use of Fedora source code to include the desired features in its next release.
Of course, Red Hat also test the pulled code before merging into its own codebase for RHEL.
In another way, Fedora Linux acts as a testing ground for Red Hat to first check and then incorporate features into the RHEL system.
#### Release Cycle
For delivering the regular updates to all components of the OS, both RHEL and Fedora follow a standard fixed-point release model.
Fedora has a new version release approximately every six months (mostly in April and October) that comes with maintenance support for up to 13 months.
Red Hat releases a new point version of a particular series every year and a major version after approximately 5 years. Each major release of Red Hat goes through four lifecycle phases that range from 5 years of support to 10 years with Extended Life Phase using add-on subscriptions.
#### Cutting-edge Linux Distribution
When it comes to innovation and new technologies, Fedora takes a complete edge over the RHEL. Even though Fedora does not follow the [rolling release model][6], it is the distribution known for offering bleeding-edge technology early on.
This is because Fedora regularly updates the packages to their latest version to provide an up-to-date OS after every six months.
If you know, [GNOME 40][7] is the latest version of the GNOME desktop environment that arrived last month. And the latest stable [version 34][8] of Fedora does include it, while the latest stable version 8.3 of RHEL still comes with GNOME 3.32.
#### File System
Do you put the organization and retrieval of data on your system at a high priority in choosing an operating system? If so, you should know about XFS and BTRFS file system before deciding between Red Hat and Fedora.
It was in 2014 when RHEL 7.0 replaced EXT4 with XFS as its default file system. Since then, Red Hat has an XFS 64-bit journaling file system in every version by default.
Though Fedora is upstream to Red Hat, Fedora continued with EXT4 until last year when [Fedora 33][9] introduced [Btrfs as the default file system][10].
Interestingly, Red Hat had included Btrfs as a “technology preview” at the initial release of RHEL 6. Later on, Red Hat dropped the plan to use Btrfs and hence [removed][11] it completely from RHEL 8 and future major release in 2019.
#### Variants Available
Compared to Fedora, Red Hat has very limited number of editions. It is mainly available for desktops, servers, academics, developers, virtual servers, and IBM Power Little Endian.
While Fedora along with official editions for desktop, server, and IoT, provides an immutable desktop Silverblue and a container-focused Fedora CoreOS.
Not just that, but Fedora also has purpose-specific custom variants called [Fedora Labs][12]. Each ISO packs a set of software packages for professionals, neuroscience, designers, gamers, musicians, students, and scientists.
Want different desktop environments in Fedora? you can also check for the official [Fedora Spins][13] that comes pre-configured with several desktop environments such as KDE, Xfce, LXQT, LXDE, Cinnamon, and i3 tiling window manager.
![Fedora Cinnamon Spin][14]
Furthermore, if you want to get your hands on new software before it lands in stable Fedora, Fedora Rawhide is yet another edition based on the rolling release model.
### **Similarities Between Fedora And RHEL**
Besides the dissimilarities, both Fedora and Red Hat also have several things in common.
#### Parent Company
Red Hat Inc. is the common company that backs both Fedora project and RHEL in terms of both development and financial.
Even Red Hat sponsors the Fedora Project financially, Fedora also has its own council that supervises the development without Red Hat intervention.
#### Open Source Product
Before you think that Red Hat charges money then how it can be an open-source product, I would suggest reading our [article][15] that breaks down everything about FOSS and Open Source.
Being an open source software does not mean you can get it freely, sometimes it can cost money. Red Hat is one of the open source companies that have built a business in it.
Both Fedora and Red Hat is an open source operating system. All the Fedora package sources are available [here][16] and already packaged software [here][2].
However, in the case of Red Hat, the source code is also [freely available][17] for anyone. But unlike Fedora, you need to pay for using the runnable code or else you are free to build on your own.
What you pay to Red Hat subscription is actually for the system maintenance and technical support.
#### Desktop Environment And Init System
The flagship desktop edition of Fedora and Red Hat ships GNOME graphical interface. So, if youre already familiar with GNOME, starting with any of the distributions wont be of much trouble.
![GNOME desktop][18]
Are you one of the few people who hate SystemD init system? If so, then none of Fedora and Red Hat is an OS for you as both supports and uses SystemD by default.
Anyhow if you wishes to replace it with other init system like Runit or OpenRC, its not impossible but I would say it wont be a best idea.
#### RPM-based Distribution
If youre already well-versed with handling the rpm packages using YUM, RPM, or DNF command-line utility, kudos! you can count in both RPM-based distributions.
By default, Red Hat uses RPM (Red Hat Package Manager) for installing, updating, removing, and managing RPM software packages.
Fedora used YUM (Yellowdog Updater Modified) until Fedora 21 in 2015. Since Fedora 22, it now uses DNF (Dandified Yum) in place of YUM as the default [package manager][19].
### Fedora Or Red Hat: Which One Should You Choose?
Frankly, it really depends on who youre and why do you want to use it. If youre a beginner, developer, or a normal user who wants it for productivity or to learn about Linux, Fedora can be a good choice.
It will help you to set up the system easily, experiment, save money, and also become a part of the Fedora Project. Let me remind you that Linux creator [Linus Torvalds][20] uses Fedora Linux on his main workstation.
However, it definitely does not mean you should also use Fedora. If you happen to be an enterprise, you may rethink choosing it considering Fedoras support lifecycle that reaches end of life in a year.
And if youre not a fan of rapid changes in every new version, you may dislike cutting-edge Fedora for your server and business needs.
With enterprise version Red Hat, you get high stability, security, and quality of support from expert Red Hat engineers for your large enterprise.
So, are you willing to upgrade your server every year and get free community support or purchase a subscription to get more than 5 years of lifecycle and expert technical support? A decision is yours.
--------------------------------------------------------------------------------
via: https://itsfoss.com/fedora-vs-red-hat/
作者:[Sarvottam Kumar][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/sarvottam/
[b]: https://github.com/lujun9972
[1]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/05/fedora-vs-red-hat.jpg?resize=800%2C450&ssl=1
[2]: https://getfedora.org/
[3]: https://www.redhat.com/en/store/red-hat-enterprise-linux-developer-suite
[4]: https://www.redhat.com/en/store/linux-platforms
[5]: https://developers.redhat.com/register/
[6]: https://itsfoss.com/rolling-release/
[7]: https://news.itsfoss.com/gnome-40-release/
[8]: https://news.itsfoss.com/fedora-34-release/
[9]: https://itsfoss.com/fedora-33/
[10]: https://itsfoss.com/btrfs-default-fedora/
[11]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/file-systems-and-storage_considerations-in-adopting-rhel-8#btrfs-has-been-removed_file-systems-and-storage
[12]: https://labs.fedoraproject.org/
[13]: https://spins.fedoraproject.org/
[14]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/Fedora-Cinnamon-Spin.jpg?resize=800%2C450&ssl=1
[15]: https://itsfoss.com/what-is-foss/
[16]: https://src.fedoraproject.org/
[17]: http://ftp.redhat.com/pub/redhat/linux/enterprise/
[18]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2021/04/GNOME-desktop.jpg?resize=800%2C450&ssl=1
[19]: https://itsfoss.com/package-manager/
[20]: https://itsfoss.com/linus-torvalds-facts/

159
translated/tech/20210331 A tool to spy on your DNS queries- dnspeep.md
View File

@ -1,159 +0,0 @@
[#]: subject: (A tool to spy on your DNS queries: dnspeep)
[#]: via: (https://jvns.ca/blog/2021/03/31/dnspeep-tool/)
[#]: author: (Julia Evans https://jvns.ca/)
[#]: collector: (lujun9972)
[#]: translator: (wyxplus)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
监控你所进行 DNS 查询的工具dnspeep
======
你好啊!在过去的几天中,我编写了一个叫作 [dnspeep][1] 的小工具,它能让你看到你电脑中正进行的 DNS 查询,并且还能看得到其响应。现在只需 [250 行 Rust 代码][2] 即可实现。
我将讨论你如何去尝试它、能做什么、为什么我要编写它,以及当我在开发时所遇到的问题。
### 如何尝试
我构建了一些二进制文件,因此你可以快速尝试一下。
对于 Linuxx86
```
wget https://github.com/jvns/dnspeep/releases/download/v0.1.0/dnspeep-linux.tar.gz
tar -xf dnspeep-linux.tar.gz
sudo ./dnspeep
```
对于 Mac
```
wget https://github.com/jvns/dnspeep/releases/download/v0.1.0/dnspeep-macos.tar.gz
tar -xf dnspeep-macos.tar.gz
sudo ./dnspeep
```
它需要以<ruby>超级用户<rt>root</rt></ruby>身份运行,因为它需要访问计算机正在发送的所有 DNS 数据包。 这与 `tcpdump` 需要以超级身份运行的原因相同——它使用 `libpcap`,这与 tcpdump 使用的库相同。
如果你不想下载二进制文件在超级用户下运行,你也能在 <https://github.com/jvns/dnspeep> 查看源码并且自行编译。
### 输出结果是什么样的
以下是输出结果。每行都是一次 DNS 查询和响应。
```
$ sudo dnspeep
query name server IP response
A firefox.com 192.168.1.1 A: 44.235.246.155, A: 44.236.72.93, A: 44.236.48.31
AAAA firefox.com 192.168.1.1 NOERROR
A bolt.dropbox.com 192.168.1.1 CNAME: bolt.v.dropbox.com, A: 162.125.19.131
```
这些查询是来自于我打算在浏览器中访问 `neopets.com`,而 `bolt.dropbox.com` 查询是因为我正在运行 Dropbox 代理,并且我猜它不时会在后台运行,因为其需要同步。
### 为什么我要再开发一个 DNS 工具?
之所以这样做,是因为我认为当你不太了解 DNS 时DNS 似乎真的很神秘!
你的浏览器(和其他在你电脑上的软件)始终在进行 DNS 查询,我认为当你能真正看到请求和响应时,似乎会有更多的真实感。
我也把其当做一个调试工具。我想“这是 DNS 的问题?”的时候,往往很难回答。我得到的印象是,当尝试检查问题是否由 DNS 引起时,人们经常使用试错法或猜测,而不是仅仅查看计算机所获得的 DNS 响应。
### 你可以使用互联网查看“秘密”使用的软件
我喜欢该工具的一方面是,它给我在我电脑上的程序正使用互联网的感觉!例如,我发现在我电脑上,某些软件正因为某些理由不断地发送请求到 `ping.manjaro.org`,可能是检查我是否已经连上互联网了。
实际上,我的一个朋友使用该工具发现,他的电脑上安装了一些公司监控软件,这些软件是他在以前的工作中安装的,但是他忘记卸载了,因此你甚至可能发现一些你想要移动的东西。
### 如果你不习惯 tcpdump则会感到困惑
当试图向人们展示 DNS 查询他们的计算机时,我的第一感是想“好吧,使用 tcpdump”而且 `tcpdump` 可以解析 DNS 数据包!
例如,下方是一次对 `incoming.telemetry.mozilla.org.` 的 DNS 查询结果:
```
11:36:38.973512 wlp3s0 Out IP 192.168.1.181.42281 > 192.168.1.1.53: 56271+ A? incoming.telemetry.mozilla.org. (48)
11:36:38.996060 wlp3s0 In IP 192.168.1.1.53 > 192.168.1.181.42281: 56271 3/0/0 CNAME telemetry-incoming.r53-2.services.mozilla.com., CNAME prod.data-ingestion.prod.dataops.mozgcp.net., A 35.244.247.133 (180)
```
绝对可以学习阅读,例如,让我们分解一下查询:
`192.168.1.181.42281 > 192.168.1.1.53: 56271+ A? incoming.telemetry.mozilla.org. (48)`
* `A?` 意味着这是一次 A 类的 DNS **查询**
* `incoming.telemetry.mozilla.org.` 是被查询的名称
* `56271` 是 DNS 查询的 ID
* `192.168.1.181.42281` 是源 IP/端口
* `192.168.1.1.53` 是目的 IP/端口
* `(48)` 是 DNS 报文长度
在响应报文中,我们可以这样分解:
`56271 3/0/0 CNAME telemetry-incoming.r53-2.services.mozilla.com., CNAME prod.data-ingestion.prod.dataops.mozgcp.net., A 35.244.247.133 (180)`
* `3/0/0` 是在响应报文中的记录数3 个回答, 0 个授权, 0 个附加。我认为 tcpdump 甚至只打印出回答响应报文。
* `CNAME telemetry-incoming.r53-2.services.mozilla.com`, `CNAME prod.data-ingestion.prod.dataops.mozgcp.net.``A 35.244.247.133` 是三个响应方。
* `56271` 是响应报文 ID和查询报文的 ID 相对应。这便是你能在前一行分辨出对于请求报文的响应报文。
我认为,这种格式最难处理的原因(作为一个只想查看一些 DNS 流量的人)是,你必须手动匹配请求和响应,而且它们并不总是相邻的。这就是计算机擅长的事情!
因此,我决定编写一个小程序(`dnspeep`)来进行匹配,并删除一些我认为多余的信息。
### 当编写时我所遇到的问题
在撰写本文时,我遇到了一些问题。
* 我必须修补 `pcap` 包,使其能在 Tokio 和 Mac 的操作系统上正常工作([此更改][3])。这是需要花费大量时间找出并修复一行的错误之一。
* 不同的 Linux 发行版似乎有不同的 `libpcap.so` 版本。所以我不能轻易地分发一个 libpcap 动态链接的二进制文件(你可以看到其他人 [在这里][4] 也有同样的问题)。因此,我决定将 libpcap 静态编译到 Linux 上的工具中。但我仍然不太了解如何在 Rust 中正确执行此操作,但我知道如何让它运行,将 `libpcap.a` 文件拷贝到 `target/release/deps` 目录下,然后运行 `cargo build`
* 我使用的 `dns_parser` 不支持所有 DNS 查询类型,只支持最常见的。我可能需要更换一个不同的工具包来解析 DNS 数据包,但目前为止还没有找到合适的。
* 因为 `pcap` 接口只提供原始字节(包括以太网帧),所以我需要 [编写代码来计算从一开始要剥离多少字节才能获得数据包的 IP 报头][5]。我很肯定我还遗漏了某些点。
我对于取名也有过一段艰难的时光,因为已经有许多 DNS 工具了dnsspydnssnoopdnssniffdnswatch我基本上只是查了下有关“监听”的每个同义词然后选择了一个看起来很有趣并且还没有被其他 DNS 工具所占用的名称。
该程序没有做的一件事就是告诉你哪个进程进行了 DNS 查询,我发现有一个名为 [dnssnoop][6] 的工具可以做到这一点。它使用 eBPF看上去很酷但我还没有尝试过。
### 可能会有许多 bug
我仅仅简单的在 Linux 和 Mac 上测试,并且我已知至少一个 bug因为其不支持足够多的 DNS 查询类型),所以请在遇到问题时告知我!
尽管这个 bug 没什么危害,因为这 libpcap 接口是只读的。所以可能发生的最糟糕的事情是它得到一些它无法解析的输入,最后打印出错误或是崩溃。
### 编写小型教育工具很有趣
最近,我对编写小型教育的 DNS 工具十分感兴趣。
到目前为止我所编写的工具:
* <https://dns-lookup.jvns.ca>(一种进行 DNS 查询的简单方法)
* <https://dns-lookup.jvns.ca/trace.html>(向你显示在进行 DNS 查询时内部发生的情况)
* 本工具(`dnspeep`
以前我尽力阐述现存工具(如 `dig``tcpdump`)而不是编写自己的工具,但是经常我发现这些工具的输出结果让人费解,所以我非常关注以更加友好的方式来看这些相同的信息,以至于每个人都能明白他们电脑正在进行的 DNS 查询,来替换 tcmdump。
--------------------------------------------------------------------------------
via: https://jvns.ca/blog/2021/03/31/dnspeep-tool/
作者:[Julia Evans][a]
选题:[lujun9972][b]
译者:[wyxplus](https://github.com/wyxplus)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://jvns.ca/
[b]: https://github.com/lujun9972
[1]: https://github.com/jvns/dnspeep
[2]: https://github.com/jvns/dnspeep/blob/f5780dc822df5151f83703f05c767dad830bd3b2/src/main.rs
[3]: https://github.com/ebfull/pcap/pull/168
[4]: https://github.com/google/gopacket/issues/734
[5]: https://github.com/jvns/dnspeep/blob/f5780dc822df5151f83703f05c767dad830bd3b2/src/main.rs#L136
[6]: https://github.com/lilydjwg/dnssnoop

356
translated/tech/20210421 Build smaller containers.md Normal file
View File

@ -0,0 +1,356 @@
[#]: subject: (Build smaller containers)
[#]: via: (https://fedoramagazine.org/build-smaller-containers/)
[#]: author: (Daniel Schier https://fedoramagazine.org/author/danielwtd/)
[#]: collector: (lujun9972)
[#]: translator: (ShuyRoy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
构建更小的容器
======
![build smaller containers][1]
水獭图片节选自[Dele Oluwayomi][2] 发表在 [Unsplash][3]上的照片
使用容器工作是很多用户和开发者的日常任务。容器开发者经常需要频繁地构建容器镜像。如果你开发容器你有想过减小镜像的大小吗比较小的镜像有一些好处。在下载的时候所需要的带宽更少而且在云环境中运行的时候也可以节省开销。而且在Fedora [CoreOS][4]、[IoT][5]以及[Silverblue][6]上使用较小的容器镜像提升了整体系统性能,因为这些操作系统严重依赖于容器工作流。这篇文章将会提供一些减小容器镜像大小的技巧。
### 工具
以下例子所用到的主机操作系统是Fedora Linux33。例子使用 [Podman][7] 3.1.0 和[Buildah][8] 1.2.0。在大多数Fedora Linux变体中Podman和Buildah都被预装好了。如果你没有安装Podman和Buildah可以用下边的命令安装
```
$ sudo dnf install -y podman buildah
```
### 任务
从一个基础的例子开始。构建一个满足以下需求的web容器。
* 容器必须基于Fedora Linux
* 使用Apache httpd web 服务器
* 包含一个定制的网站
* 容器应该比较小
下边的步骤都是在比较复杂的镜像上进行的。
### 设置
首先,创建一个工程目录。这个目录将会包含你的网站和容器文件。
```
$ mkdir smallerContainer
$ cd smallerContainer
$ mkdir files
$ touch files/index.html
```
制作一个简单的登录页面。对于这个演示你可以将下面的HTML复制到 _index.html_ 文件中。
```
<!doctype html>
<html lang="de">
<head>
<title>Container Page</title>
</head>
<body>
<header>
<h1>Container Page</h1>
</header>
<main>
<h2>Fedora</h2>
<ul>
<li><a href="https://getfedora.org">Fedora Project</a></li>
<li><a href="https://docs.fedoraproject.org/">Fedora Documentation</a></li>
<li><a href="https://fedoramagazine.org">Fedora Magazine</a></li>
<li><a href="https://communityblog.fedoraproject.org/">Fedora Community Blog</a></li>
</ul>
<h2>Podman</h2>
<ul>
<li><a href="https://podman.io">Podman</a></li>
<li><a href="https://docs.podman.io/">Podman Documentation</a></li>
<li><a href="https://github.com/containers/podman">Podman Code</a></li>
<li><a href="https://podman.io/blogs/">Podman Blog</a></li>
</ul>
<h2>Buildah</h2>
<ul>
<li><a href="https://buildah.io">Buildah</a></li>
<li><a href="https://github.com/containers/buildah">Buildah Code</a></li>
<li><a href="https://buildah.io/blogs/">Buildah Blog</a></li>
</ul>
<h2>Skopeo</h2>
<ul>
<li><a href="https://github.com/containers/skopeo">skopeo Code</a></li>
</ul>
<h2>CRI-O</h2>
<ul>
<li><a href="https://cri-o.io/">CRI-O</a></li>
<li><a href="https://github.com/cri-o/cri-o">CRI-O Code</a></li>
<li><a href="https://medium.com/cri-o">CRI-O Blog</a></li>
</ul>
</main>
</body>
</html>
```
此时你可以选择在浏览器中测试上面的 _index.html_ 文件。
```
$ firefox files/index.html
```
最后,创建一个容器文件。这个文件可以命名为 _Dockerfile_ 或者 _Containerfile_
```
$ touch Containerfile
```
现在你应该有了一个工程目录,并且该目录中的文件系统布局如下。
```
smallerContainer/
|- files/
| |- index.html
|
|- Containerfile
```
### 构建
现在构建镜像。下边的每个阶段都会添加一层改进来帮助减小镜像的大小。你最终会得到一系列镜像,但只有一个 _Containerfile_
#### 阶段0一个基本的容器镜像
你的新镜像将会非常简单,它只包含强制性步骤。在 _Containerfile_ 中添加以下内容。
```
# 使用 Fedora 33作为基镜像
FROM registry.fedoraproject.org/fedora:33
# 安装 httpd
RUN dnf install -y httpd
# 复制这个网站
COPY files/* /var/www/html/
# 设置端口为80/tcp
EXPOSE 80
# 启动 httpd
CMD ["httpd", "-DFOREGROUND"]
```
在上边的文件中有一些注释来解释每一行内容都是在做什么。更详细的步骤:
1. 在FROM registry.fedoraproject.org/fedora:33 的基础上创建一个构建容器
2. 运行命令: _dnf install -y httpd_
3. 将与 _Containerfile_ 有关的文件拷贝到容器中
4. 设置EXPOSE 80来说明哪个端口是可以自动设置的
5. 设置一个CMD指令来说明如果从这个镜像创建一个容器应该运行什么
运行下边的命令从工程目录创建一个新的镜像。
```
$ podman image build -f Containerfile -t localhost/web-base
```
使用一下命令来查看你的镜像的属性。注意你的镜像的大小467 MB
```
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-base latest ac8c5ed73bb5 5 minutes ago 467 MB
registry.fedoraproject.org/fedora 33 9f2a56037643 3 months ago 182 MB
```
以上这个例子中展示的镜像在现在占用了467 MB的空间。剩下的阶段将会显著地减小镜像的大小。但是首先要验证镜像是否能够按照预期工作。
输入以下命令来启动容器。
```
$ podman container run -d --name web-base -P localhost/web-base
```
输入以下命令可以列出你的容器。
```
$ podman container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d24063487f9f localhost/web-base httpd -DFOREGROUN... 2 seconds ago Up 3 seconds ago 0.0.0.0:46191->80/tcp web-base
```
以上展示的容器正在运行,它正在监听的端口是 _46191_ 。从运行在主机操作系统上的web浏览器转到 _localhost:46191_ 应该呈现你的web页面。
```
$ firefox localhost:46191
```
#### 阶段1清除缓存并将残余的内容从容器中删除
为了优化容器镜像的大小,第一步应该总是执行”清理“。这将保证安装和打包所残余的内容都被删掉。这个过程到底需要什么取决于你的容器。对于以上的例子,只需要编辑 _Containerfile_ 让它包含以下几行。
```
[...]
# Install httpd
RUN dnf install -y httpd && \
dnf clean all -y
[...]
```
构建修改后的 _Containerfile_ 来显著地减小镜像这个例子中是237 MB
```
$ podman image build -f Containerfile -t localhost/web-clean
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-clean latest f0f62aece028 6 seconds ago 237 MB
```
#### 阶段2删除文档和不需要的依赖包
许多包在安装时会被建议拉下来,包含一些弱依赖和文档。这些在容器中通常是不需要的,可以删除。 _dnf_ 命令的选项表明了他不需要包含弱依赖或文档。
再次编辑 _Containerfile_ ,并在 _dnf install_ 行中添加删除文档和弱依赖的选项:
```
[...]
# Install httpd
RUN dnf install -y httpd --nodocs --setopt install_weak_deps=False && \
dnf clean all -y
[...]
```
构建经过以上修改后的 _Containerfile_ 可以得到一个更小的镜像231 MB
```
$ podman image build -f Containerfile -t localhost/web-docs
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-docs latest 8a76820cec2f 8 seconds ago 231 MB
```
#### 阶段3使用更小的容器基镜像
前面的阶段结合起来,使得示例镜像的大小减少了一半。但是仍然还有一些途径来进一步减小镜像的大小。这个基镜像 _registry.fedoraproject.org/fedora:33_ 是通用的。它提供了一组软件包许多人希望这些软件包预先安装在他们的Fedora Linux容器中。但是通用Fedora Linux基镜像中提供的包通常必须要的更多。Fedora工程也为那些希望只从基本包开始然后只添加所需内容来实现较小总镜像大小的用户提供了一个 _fedora-minimal_ 镜像。
使用 _podman image search_ 来查找 _fedora-minimal_ 镜像如下所示。
```
$ podman image search fedora-minimal
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
fedoraproject.org registry.fedoraproject.org/fedora-minimal 0
```
_fedora-minimal_ 基镜像不包含[DNF][9]而是倾向于不需要Python的较小的[microDNF][10]。当 _registry.fedoraproject.org/fedora:33__registry.fedoraproject.org/fedora-minimal:33_ 替换后,需要用 _microdnf_ 来替换 _dnf_
```
# 使用Fedora minimal 33作为基镜像
FROM registry.fedoraproject.org/fedora-minimal:33
# 安装 httpd
RUN microdnf install -y httpd --nodocs --setopt install_weak_deps=0 && \
microdnf clean all -y
[...]
```
使用 _fedora-minimal_ 重新构建后的镜像大小如下所示 169 MB
```
$ podman image build -f Containerfile -t localhost/web-docs
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-minimal latest e1603bbb1097 7 minutes ago 169 MB
```
最开始的镜像大小是**467 MB**。结合以上每个阶段所提到的方法,进行重新构建之后可以得到最终大小为**169 MB**的镜像。最终的 _总_ 镜像大小比最开始的 _基_ 镜像大小小了182 MB
### 从零开始构建容器
前边的内容使用一个容器文件和Podman来构建一个新的镜像。还有最后一个方法要展示——使用Buildah来从头构建一个容器。Podman使用与Buildah相同的库来构建容器。但是Buildah被认为是一个纯构建工具。Podman被设计来是为了代替Docker的。
使用Buildah从头构建的容器是空的——它里边什么都 _没有_ 。所有的东西都需要安装或者从容器外拷贝。幸运地是使用Buildah可以相当简单。下边是一个从头开始构建镜像的小的Bash脚本。除了运行这个脚本你也可以在终端逐条地运行脚本中的命令来更好的理解每一步都是做什么的。
```
#!/usr/bin/env bash
set -o errexit
# 创建一个容器
CONTAINER=$(buildah from scratch)
# 挂载容器文件系统
MOUNTPOINT=$(buildah mount $CONTAINER)
# 安装一个基本的文件系统和最小的包以及nginx
dnf install -y --installroot $MOUNTPOINT --releasever 33 glibc-minimal-langpack httpd --nodocs --setopt install_weak_deps=False
dnf clean all -y --installroot $MOUNTPOINT --releasever 33
# 清除
buildah unmount $CONTAINER
# 复制网站
buildah copy $CONTAINER 'files/*' '/var/www/html/'
# 设置端口为 80/tcp
buildah config --port 80 $CONTAINER
# 启动httpd
buildah config --cmd "httpd -DFOREGROUND" $CONTAINER
# 将容器保存为一个镜像
buildah commit --squash $CONTAINER web-scratch
```
或者可以通过将上面的脚本传递给Buildah来构建镜像。注意不需要root权限。
```
$ buildah unshare bash web-scratch.sh
$ podman image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/web-scratch latest acca45fc9118 9 seconds ago 155 MB
```
最后的镜像只有**155 MB**!而且[攻击面][11]也减少了。甚至在最后的镜像中都没有安装DNF或者microDNF
### 结论
构建一个比较小的容器镜像有许多优点。减少所需要的带宽、磁盘占用以及攻击面,都会得到更好的镜像。只用很少的更改来减小镜像的大小很简单。许多更改都可以在不改变结果镜像的功能下完成。
只保存所需的二进制文件和配置文件来构建非常小的镜像也是可能的。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/build-smaller-containers/
作者:[Daniel Schier][a]
选题:[lujun9972][b]
译者:[ShuyRoy](https://github.com/Shuyroy)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/danielwtd/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2021/04/podman-smaller-1-816x345.jpg
[2]: https://unsplash.com/@errbodysaycheese?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[3]: https://unsplash.com/s/photos/otter?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[4]: https://fedoramagazine.org/getting-started-with-fedora-coreos/
[5]: https://getfedora.org/en/iot/
[6]: https://fedoramagazine.org/what-is-silverblue/
[7]: https://podman.io/
[8]: https://buildah.io/
[9]: https://github.com/rpm-software-management/dnf
[10]: https://github.com/rpm-software-management/microdnf
[11]: https://en.wikipedia.org/wiki/Attack_surface

88
translated/tech/20210426 3 beloved USB drive Linux distros.md
View File

@ -1,88 +0,0 @@
[#]: subject: (3 beloved USB drive Linux distros)
[#]: via: (https://opensource.com/article/21/4/usb-drive-linux-distro)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
3 个心爱的 U 盘 Linux 发行版
======
开源技术人员对此深有体会。
![Linux keys on the keyboard for a desktop computer][1]
很少有 Linux 用户不记得他们第一次发现你可以启动计算机并在上面运行 Linux 而不需要实际安装它。当然,许多用户都知道可以启动计算机进入操作系统安装程序,但是 Linux 不同:它根本就不需要安装!你的计算机甚至不需要有一个硬盘驱动器。你可以通过一个 U 盘运行 Linux 几个月甚至几_年_。
自然,有一些不同的”实时“ Linux 发行版可供选择。我们向我们的作者询问了他们的最爱,他们的回答代表了现有的全部内容。
### 1\. Puppy Linux
”作为之前的**Puppy Linux** 开发者,我对此的看法相当偏颇。 但 Puppy 最初吸引我的地方是:
* 它专注于第三世界国家容易获得的低端和老旧硬件。这为买不起最新的现代系统的贫困地区开放了计算能力
* 它能够在内存中运行,当它被使用时可以提供一些有趣的安全优势
* 它在一个单一的 SFS 文件中处理用户文件和会话,使得备份、恢复或移动你现有的桌面/应用/文件到另一个安装中只需一个拷贝命令“
—[JT Pennington][2]
”对我来说,它一直是 **Puppy Linux**。它启动迅速支持旧硬件。GUI 超级容易说服别人第一次尝试 Linux“。—[Sachin Patil][3]
”Puppy 是真正能在任何东西上运行的实时发行版。我有一台废弃的 microATX 塔式电脑,它的光驱坏了,也没有硬盘(为了数据安全,它已经被拆掉了),而且几乎没有内存。我把 Puppy 插入它的 SD 卡插槽,运行了好几年。“ —[Seth Kenlon][4]
”我没有那么多使用 U 盘 Linux 发行版的经验,但我把票投给 **Puppy Linux**。它很轻,而且完全适用于旧机器。“ —[Sergey Zarubin][5]
### 2\. Fedora 和 Red Hat
”我最喜欢的 USB 发行版其实是 **Fedora Live USB**。它有一个浏览器、磁盘工具和一个终端模拟器,所以我可以用它来拯救机器上的数据,或者我可以浏览网页或在需要时用 ssh 进入其他机器做一些工作。所有这些都不需要在记忆棒上存储任何数据,也不会在使用中的机器被泄露的情况下将其暴露出来。“ —[Steve Morris][6]
”我过去一直使用 Puppy 和 DSL。这些天我有两个 U 盘:**RHEL7 和 RHEL8**。 这两个都被配置为完整的工作环境,能够为 UEFI 和 BIOS 启动。当我面对一个随机的硬件,我们有问题要解决时,这些都是现实生活和时间的救星。“ —[Steven Ellis][7]
### 3\. Porteus
”不久前,我安装了每个版本的 Porteus 系统的虚拟机。那很有趣,所以也许我会再看一下它们。每当提到微型发行版的话题时,我总是想起我记得的第一个使用的发行版:**tomsrtbt**。它一直被设计成适合放在软盘上。我不知道它现在有多大用处,但我想我应该把它放在一起。“ —[Alan Formy-Duval][8]
”作为一个长期的 Slackware 用户,我很欣赏 **Porteus** 提供的 Slack 的最新版本,以及一个灵活的环境。你可以用 Porteus 在内存中运行启动,这样就不需要把 U 盘连接到你的电脑上,或者你可以从驱动器上运行,这样你就可以保留你的修改。打包应用很容易,而且 Slacker 社区有很多现有的软件包。这是我唯一需要的实时发行版“。—[Seth Kenlon][4]。
### 额外的Knoppix
”我已经有一段时间没有使用 **Knoppix** 了,但我曾一度经常使用它来拯救那些被恶意软件破坏的 Windows 电脑。它最初于 2000 年 9 月发布,此后一直在持续开发。它最初是以 Linux 顾问 Klaus Knopper 的名字开发并命名的,被设计为 Live CD。我们用它来拯救由于恶意软件和病毒而变得无法访问的 Windows 系统上的用户文件“。—[Don Watkins][9]
”Knoppix 对实时 Linux 有很大的影响,但它也是对盲人用户最方便的发行版之一。它的 [ADRIANE 界面][10] 被设计成可以在没有视觉显示器的情况下使用,并且可以处理任何用户可能需要从计算机上获得的所有最常见的任务。“ —[Seth Kenlon][11] 。
### 选择你的实时 Linux
有很多没有提到的,比如 [Slax][12](一个基于 Debian 的实时发行版)、[Tiny Core][13]、[Slitaz][14]、[Kali][15](一个注重安全的实用发行版)、[E-live][16],等等。如果你有一个空闲的 U 盘,把 Linux 放在上面,在任何时候都可以在任何电脑上使用 Linux
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/4/usb-drive-linux-distro
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux_keyboard_desktop.png?itok=I2nGw78_ (Linux keys on the keyboard for a desktop computer)
[2]: https://opensource.com/users/jtpennington
[3]: https://opensource.com/users/psachin
[4]: http://opensource.com/users/seth
[5]: https://opensource.com/users/sergey-zarubin
[6]: https://opensource.com/users/smorris12
[7]: https://opensource.com/users/steven-ellis
[8]: https://opensource.com/users/alanfdoss
[9]: https://opensource.com/users/don-watkins
[10]: https://opensource.com/life/16/7/knoppix-adriane-interface
[11]: https://opensource.com/article/21/4/opensource.com/users/seth
[12]: http://slax.org
[13]: http://www.tinycorelinux.net/
[14]: http://www.slitaz.org/en/
[15]: http://kali.org
[16]: https://www.elivecd.org/